I was refreshing my memory today on setting up ssh tunnels and I came across several sources that describe forwarding some local port to a website. For example:
“Open up a terminal window on your client and issue the command:
ssh -L 8080: localhost
You will be prompted to enter your user password for the client machine. Essentially, you are connecting, via SSH, back to your client machine, but creating the necessary SSH tunnel to the destination. After you've successfully authenticated against your local account, open up a browser and point it to . Your browser should automatically redirect you to Slashdot.”
Only, this doesn’t work if you actually try it. I end up with failed connections, 500 errors, 404 errors, etc. I’ve tried other sites, even non-HTTPS. What’s the deal?
2 Answers
This technique works, but is not very good for accessing websites since you need to forward a port for each and every domain being accessed. If you load Slashdot in Chrome and use the developer tools, you can see that when you load Slashdot it is actually loading content from at least 21 different domains. If you are only forwarding one domain then you won't see all the content.
Another problem is that you are tunneling to port 80 on a site that is serving content on port 443. If you run "curl -i slashdot.org" you will see that it serves you a 301 redirect to HTTPS. When the browser tries to follow the redirect to HTTPS everything will fail.
You would be better off using ssh as a SOCKS proxy and configuring your browser to use it. You can open a socks proxy on a local port like this:
ssh -D 8080 myhost.com
myhost.com could be "localhost" in your case, but usually is a remote server. Once you have this session open, just go into browser preferences and configure the browser to use a SOCKS v5 proxy pointed at localhost port 8080 (easier to do in Firefox than Chrome imho). Once that's done the browser will run all of its traffic through the ssh tunnel.
This can be incredibly useful for accessing websites hosted on private networks, or encrypting your data across a network you think is not secure.
Jeff is absolutely right; however, I'd like to add a solution with local port forwarding:
Since the website you're trying to access is using HTTPS, you need to access its port 443.
$ ssh -L 8080: localhost
In addition to that, you need to use https:// in the browser instead of http://, so you would access the following URL in your browser: . On Firefox, this presented me with an "unsecure connection" warning since obviously the SSL certificate issued for the website you're trying to access was not signed to be used with localhost. However, you can ignore this warning and proceed.
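An added example, not part of either answer or of the quoted tutorial: an offline simulation of why a single local forward returns 404s even for a plain-HTTP site. It goes one step beyond the answers (which name the HTTPS redirect, the extra domains and the certificate mismatch) by showing the same hostname mismatch at the HTTP layer: the forward relays bytes unchanged, so the server sees the client's local `Host` header. `site.example`, `VHost`, `forward` and `status_via_forward` are constructed names, and the TCP relay is a stand-in for `ssh -L`.

```python
import http.server, socket, threading, urllib.error, urllib.request
SITE = "site.example"  # constructed hostname standing in for the real site

class VHost(http.server.BaseHTTPRequestHandler):
    """Name-based virtual host: serves the page only for Host: site.example."""
    log_message = lambda self, *args: None  # keep the demo quiet
    def do_GET(self):
        name = (self.headers.get("Host") or "").split(":")[0]
        code, body = (200, b"front page\n") if name == SITE else (404, b"unknown host\n")
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def pipe(src, dst):
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)  # pass the EOF on to the other side
    except OSError:
        pass

def forward(listener, target):
    """Stand-in for `ssh -L`: relays bytes unchanged, never rewrites HTTP headers."""
    while True:
        client, _ = listener.accept()
        upstream = socket.create_connection(target)
        for a, b in ((client, upstream), (upstream, client)):
            threading.Thread(target=pipe, args=(a, b), daemon=True).start()

def status_via_forward(port, host_header=None):  # returns the HTTP status code
    headers = {"Host": host_header} if host_header else {}
    req = urllib.request.Request(f"http://127.0.0.1:{port}/", headers=headers)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    origin = http.server.ThreadingHTTPServer(("127.0.0.1", 0), VHost)
    threading.Thread(target=origin.serve_forever, daemon=True).start()
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=forward, args=(listener, origin.server_address), daemon=True).start()
    port = listener.getsockname()[1]
    return status_via_forward(port), status_via_forward(port, SITE)

if __name__ == "__main__":
    print(demo())  # (404, 200)
```

The first status is what a browser pointed at the forwarded local port gets; the second is the same request once the client sends the site's real name, which is what happens when the browser goes through the `ssh -D` SOCKS proxy instead.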