SSH and SCP over alternate ports
5 May, 2007 – 11:05 pm
For an internet-facing SSH server, it is probably common practice to have sshd listening on a non-standard port. Coupled with key pair authentication, this reduces the profile you present to simple brute-force attacks.
Connecting to an SSH server on a non-standard port is relatively simple:
ssh -p <yourPort> username@servername.com
You may, however, need to copy files from an SSH server on an alternate port. Easy (note that scp takes an uppercase -P):
scp -P <yourPort> username@servername.com:/path/to/remote/file ~/home/path/to/local/file
But what happens if you’re using a proprietary client, other than scp from the console, that won’t support non-standard ports?
The simplest way I have found to do this is with port forwarding.
First, and you will need to be root to do this, forward the privileged port 22 on your local machine to the remote port on the target:
sudo ssh -p <yourPort> -L 22:127.0.0.1:<yourPort> username@servername.com
After that, your client can just talk to localhost on the default port, and the connection is carried through the tunnel to the SSH port on the remote host:
scp username@127.0.0.1:/path/to/remote/file ~/home/path/to/local/file
Now your proprietary apps can talk merrily away. By the way, this is an extremely good method for running Microsoft RDP sessions over a secure SSH tunnel:
ssh -p <yourPort> -L 3389:127.0.0.1:3389 username@servername.com
Then just use remote desktop but point it to localhost:
mstsc /v:127.0.0.1
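The alternate port and the RDP forward above can also be kept in the OpenSSH client configuration, so they do not have to be retyped. This is an added example, not part of the original post; the aliases myserver and myserver-rdp and the port 2222 are placeholders standing in for <yourPort>.

```sshconfig
# ~/.ssh/config  (added example; aliases and port 2222 are placeholders)

# Plain ssh/scp to the alternate port:  ssh myserver
#                                       scp myserver:/path/to/remote/file .
Host myserver
    HostName servername.com
    User username
    Port 2222

# RDP tunnel:  ssh -N myserver-rdp   then   mstsc /v:127.0.0.1
Host myserver-rdp
    HostName servername.com
    User username
    Port 2222
    # Bind the local end to loopback explicitly, whatever GatewayPorts
    # is set to, so other hosts on the LAN cannot reach the forwarded port.
    LocalForward 127.0.0.1:3389 127.0.0.1:3389
    # Exit instead of leaving a session open with no working forward
    # (for example when local port 3389 is already in use).
    ExitOnForwardFailure yes
```

This only helps clients that read the OpenSSH configuration (ssh, scp, sftp); a proprietary client still needs the port 22 forward shown earlier.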








