This page is a part of XSecurePro online Help Manual.
Port forwarding is the concept of connecting a logical port on a local machine to a port on a remote machine over a secure (encrypted) channel. All requests for services sent to the local port are then forwarded across the secure channel to the corresponding port on the remote machine.
Port forwarding of arbitrary TCP/IP connections over the secure channel can be used for secure connections to electronic purses or for going through firewalls. Port forwarding is a powerful tool that allows you to secure TCP/IP traffic by using Telnet_SSH's SSH1/SSH2 protocol support. This means that you can encrypt application data carried by otherwise insecure protocols such as SMTP, POP, and IMAP.
Telnet_SSH supports X11 forwarding. This feature allows X Window traffic between the X server and X client (forwarding X Window packets through the SSH session) to be encrypted.
In general, with any port forwarded by Telnet_SSH for an application, the application needs to be configured to use 127.0.0.1 (otherwise known as "localhost" or "loopback") as its application server address. Hostname and port configuration needs to be done in both Telnet_SSH and the client application (e.g., e-mail). After connecting with this session, the client application traffic is encrypted to the SSH server as long as Telnet_SSH is running. If the connection to the SSH server is broken or closed, the forwarded ports will no longer be forwarded, and the client applications may receive an error when they try to connect to the local port.
It is important to understand that the client data is only encrypted between the machine that Telnet_SSH is running on and the SSH server that Telnet_SSH is connected to. Any data moving from the SSH server across the network to another server is not encrypted.
The Forwarding option presents you with the Forwarding Setup window (for the SSH1/SSH2 protocol mode):
This button allows you to add entries into the Port Forwarding list. When you press the button, the empty SSH Port Forwarding window will appear, and you can specify new port forwarding settings.
This button allows you to modify an entry selected on the Port Forwarding list. When you press the button, the SSH Port Forwarding window will appear, and you can modify current settings for the entry.
This button allows you to remove selected entries from the Port Forwarding list.
This check box specifies whether X11 connections will be automatically redirected over the secure channel. This feature allows X Window traffic between the X server and X client (forwarding X Window packets through the SSH session) to be encrypted.
X11 forwarding is the process of transporting X11 data over an encrypted channel from a remote machine to a local machine. In this mode, the SSH server automatically sets the DISPLAY environment variable on the server machine, and forwards any X11 connections over the secure channel. Fake Xauthority information is automatically generated and forwarded to the remote machine; the local client (on your PC) automatically examines incoming X11 connections and replaces the fake authorization data with the real data (never telling the remote machine the real information).
Note: the X Forwarding option allows Telnet_SSH to accept X11 data from the remote machine and forward it to the X server running on the local machine. Telnet_SSH does not work as an X server. The local X server must be running before any X11 sessions can be displayed. If you are using Xhost authority access on the local X server, you will need to add address 127.0.0.1 (otherwise known as "localhost" or "loopback") to your server's Xhost list.
The DISPLAY variable indicates the location of the X11 server. It is automatically set by SSH to point to a value of the form "hostname:n" where hostname indicates the host where the shell runs (the server machine), and n is an integer greater than zero (a display number). This is normal, and happens because SSH creates a "proxy" X server on the server machine for forwarding the connections over the encrypted channel. The SSH server uses this special value to forward X11 connections over the secure channel. The user should normally not set DISPLAY explicitly, as that will render the X11 connection insecure (and will require the user to manually copy any required authorization cookies).
If the user is using X11 (the DISPLAY environment variable is set), the connection to the X11 display is automatically forwarded to the remote side in such a way that any X11 programs started from the shell (or command) will go through the encrypted channel, and the connection to the real X server will be made from the local machine.
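A quick check of the DISPLAY value described above, written for this page as an added example (it is not part of Telnet_SSH or XSecurePro). It is meant to be run in the shell on the SSH server; the function name, the result labels and the sample host names are assumptions made for illustration.

```python
import re

# host:n or host:n.screen; an empty host or "unix" means a local socket.
_DISPLAY_RE = re.compile(r"^(?P<host>[^:]*):(?P<n>\d+)(?:\.(?P<screen>\d+))?$")

def classify_display(display, server_names):
    """Classify a DISPLAY value seen in a shell on the SSH server.

    server_names: names the server machine is known by (hypothetical input;
    include "localhost" if your SSH server binds its proxy display there).
    """
    m = _DISPLAY_RE.match(display or "")
    if not m:
        return "unset-or-invalid"
    host, n = m["host"].lower(), int(m["n"])
    if host in ("", "unix"):
        return "local-display"   # local socket on this machine, not a proxy
    if host in {name.lower() for name in server_names}:
        # The page's proxy form: hostname is the server itself and n > 0.
        return "ssh-proxy" if n > 0 else "local-display"
    # Any other host means X11 clients connect straight to that machine,
    # outside the encrypted channel (for example after setting DISPLAY by hand).
    return "direct"

if __name__ == "__main__":
    names = {"gw", "localhost"}                                  # constructed sample
    for value in ("gw:10.0", "192.0.2.55:0", ":0", ""):         # constructed sample
        print(repr(value), "->", classify_display(value, names))
```

A result of "direct" in a session that was supposed to use X11 forwarding means DISPLAY was overridden and the X11 traffic is not going through the SSH session.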
When you press the Add or Edit button in the Forwarding Setup window, the SSH Port Forwarding window will appear:
This dialog box lets you specify data for port forwarding. Ports may be defined either by their port number or by their service name.
Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions (e.g., for e-cash transactions).
Specifies that the given TCP/IP port on the local (client) machine be forwarded to the given host and port on the remote side. This works by allocating a socket to listen on the given port on the local side; whenever a connection is made to this port, the connection is forwarded over the secure channel and is made to host:hostport from the remote machine.
When enabled, this radio button allows you to enter the local port in the entry field or select its service name from the corresponding drop-down list box.
Enter the remote host name or IP address.
Enter the remote host port in the entry field or select its service name from the corresponding drop-down list box.
Specifies that the given TCP/IP port on the remote (server) host be forwarded to the given host and port on the local side. This works by allocating a socket to listen on the given port on the remote side; whenever a connection is made to this port, the connection is forwarded over the secure channel and is made to host:hostport from the local machine.
When enabled, this radio button allows you to enter the remote port in the entry field or select its service name from the corresponding drop-down list box.
Enter the local machine name or IP address.
Enter the local machine port in the entry field or select its service name from the corresponding drop-down list box.
When you press this button (for SSH1/SSH2 protocol mode), the Forwarding settings you have made will be stored. They take effect immediately for the current connection; otherwise, they take effect with the new session.
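The local and remote forwarding rules described above, together with the earlier point that data is encrypted only between Telnet_SSH and the SSH server, can be checked per entry. The following is an added example and not part of Telnet_SSH; the Forward record, the function names and the sample hosts are assumptions made for illustration.

```python
from dataclasses import dataclass

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

@dataclass(frozen=True)
class Forward:
    direction: str    # "local" or "remote", as in the SSH Port Forwarding window
    listen_port: int  # port the listening socket is allocated on
    host: str         # destination host, as seen from the far end of the channel
    hostport: int     # destination port

def leaves_tunnel_in_clear(fwd, ssh_server):
    """True if the hop to host:hostport crosses the network outside SSH."""
    if fwd.direction not in ("local", "remote"):
        raise ValueError(f"unknown direction: {fwd.direction!r}")
    host = fwd.host.lower()
    if host in LOOPBACK:
        return False  # destination is the far-end machine itself
    # A local forward whose destination is the SSH server also ends on that machine.
    return not (fwd.direction == "local" and host == ssh_server.lower())

def trace(fwd, ssh_server):
    """Hops of one forwarded connection as (source, target, protection)."""
    exposed = leaves_tunnel_in_clear(fwd, ssh_server)
    if fwd.direction == "local":
        listener, near, far = f"127.0.0.1:{fwd.listen_port}", "client PC", ssh_server
    else:
        listener, near, far = f"{ssh_server}:{fwd.listen_port}", ssh_server, "client PC"
    return [
        ("application", listener, "outside the SSH channel"),
        (near, far, "encrypted SSH channel"),
        (far, f"{fwd.host}:{fwd.hostport}",
         "unencrypted on the network" if exposed else "stays on the far-end machine"),
    ]

def exposed_forwards(forwards, ssh_server):
    """Entries whose final hop is not covered by the SSH encryption."""
    return [f for f in forwards if leaves_tunnel_in_clear(f, ssh_server)]

# Constructed sample list; host names and ports are illustrative only.
SAMPLE = [
    Forward("local", 1110, "localhost", 110),
    Forward("local", 1025, "mail.example.com", 25),
    Forward("remote", 8080, "127.0.0.1", 80),
    Forward("remote", 8081, "192.0.2.10", 80),
]

if __name__ == "__main__":
    for fwd in SAMPLE:
        for hop in trace(fwd, "gw.example.com"):
            print(fwd.direction, *hop, sep=" | ")
```

Entries returned by exposed_forwards need their own protection on the last hop (for example a protocol that encrypts end to end), or a destination on the machine where the channel ends.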
Copyright © 1999 - 2009 Labtam™ Inc.