Start a new topic

Setting up an SSH Port Forwarding Tunnel

gwhelchel @ Sat Oct 25 15:48:03 EEST 2014
I am wanting to setup an SSH tunnel in CrushFTP 7 to allow certain clients encrypted access to my Squid3 proxy. I've been doing it via SSH/SOCKS5 login to the server, but I want to figure out a way to not give them a command prompt into the server. I'd rather not have to use a restricted shell or chroot the users. It looks like the SSH port forwarding feature of Crush might work for this, but I can't seem to figure out how to configure it. Has anyone had any experience with this that could give me a few tips? For one, I'm not sure what, if anything, needs to be configured on the client's side. And, how is the SSH connection authenticated?


spinkb @ Sat Oct 25 17:16:16 EEST 2014
The SSH port forwarding is probably what you want then. You just have to not start a shell prompt when initiating a tunnel.

ssh -oPort=2222 -N -L

-N stops the creation of a shell which CrushFTP would reject. Its all standard ssh syntax.

To make the tunnel in CrushFTP, go to the prefs, tunnels, add a new tunnel, type SSH, port 2525,, and destination some port 80. If you make it "user configurable" then the connecting user can choose any location they like...but if you specify a specific location and don't make it user configurable, it won't allow anything.

Once the tunnel is made, go to the User Manager, tunnels section for a username and add the tunnel to their account.

gwhelchel @ Wed Oct 29 13:11:10 EET 2014
Thanks, Ben.

That worked perfectly. The thing that was throwing me off was I didn't realize that Crush would reject a shell prompt. I was trying to set it up without the -N switch. It's all working great now.

Login to post a comment