SSH tunnels and remote port forwarding

If you want you can skip the beginning blurb and go right to the recipe.

Every so often you face a tough problem then someone sayz to yuh, "Cliff, have you tried ssh tunnels?" (well that's what they would say to you if you were me, and if you were me you would have a habit of making easy problems way tougher than they need to be while you make tough problems easy.) That's what happened to me a loooong time ago... like around last month. Then I was chattin' with the VP of technology about all things Maven and mobile related, explaining how clever we were with our solution to on-device testing, when he suggested we try ssh tunneling. I read an article that day and got excited because it looked soo easy. Then I made a promise to our mobile dev team that I would prototype it over the weekend. Then I quietly forgot about it. Today the question came up again and I was like, "Oh crap! I never did try prototyping a solution to that problem!" I gave it a good hour of effort before getting stuck. It's really not that difficult, and after leaving for the day, coming home and attacking it fresh I found that I only had one minor problem... I didn't read the docs completely. (That's how it goes when I see something cool. I jump in head first and complain because I always miss something simple and fundamental.) Silly babbling aside I present you the how-to on what to do to get to your CPU thru EC2...
(or any other public remote web host)

1 Remote server running a flavor of ssh. (In my example I assume OpenSSH as it's prevalent across many Linux distros.)
1 local computer that you desire to access, also running a flavor of ssh (I'm using OS X in my example.)
2 Eggs slightly beaten whites removed.

1. Combine one additional parameter with the default sshd_config file under our server's /etc/ssh folder. Use vi, nano, kate, gedit or a fancy command like the following.
echo "GatewayPorts yes" | sudo tee -a /etc/ssh/sshd_config
[For best results supply password when using the above crazy command. The more obvious sudo echo "GatewayPorts yes" >> /etc/ssh/sshd_config does NOT work: the >> redirection is opened by your own unprivileged shell before sudo ever runs, so you get "Permission denied"; piping into tee -a under sudo does the append as root.] The parameter name is GatewayPorts. With the default of no, every port you forward with -R listens only on the server's loopback interface, so only the server itself can reach it. With yes the forwarded port binds on all of the server's interfaces, which is what allows clients other than the server itself to tunnel into your local machine. (A third value, clientspecified, lets the ssh client pick the bind address in its -R argument, handy if you want the port on one interface only.) If GatewayPorts already appears in the file, edit that line instead of appending another: sshd uses the first value it finds for a keyword and ignores the rest.

2. Execute one sshd restart command to allow the new parameter to be considered on the server. Eg.
sudo /usr/sbin/sshd -t && sudo /etc/init.d/ssh restart
(The exact path depends on your distro: /etc/init.d/ssh on Debian/Ubuntu, /etc/init.d/sshd on Red Hat style systems, or systemctl restart sshd (ssh on Debian/Ubuntu) where systemd is in charge. The sshd -t in front only checks the config file for syntax errors, so a typo doesn't take sshd down on the very box you're logged into over ssh. Restarting OpenSSH doesn't kill sessions that are already open, and a reload is enough for it to pick up the new value.)

3. Add -R [remote port]:localhost:[local port] to 1 1/2 cup of ssh command typing slow to avoid error. The remote port is the port number the remote machine will listen on, while the local port is the port on the local machine that all traffic arriving at the remote port gets directed to. (localhost here means localhost as seen from the machine you run ssh on, not the server.) Eg.
ssh me@myremotehost -R 80:localhost:9002
This can be used to forward all web server requests to a server app running on the crappy Compaq that you used to execute the ssh command. Two gotchas: ports below 1024 (like 80) can only be bound on the server when you log in there as root, so a non-root "me" gets a "Warning: remote port forwarding failed for listen port 80" and a plain shell; and ssh hands you that shell even when the forward failed, so add -o ExitOnForwardFailure=yes if you'd rather it bail out loudly. If you only want the tunnel and no shell, -N keeps ssh from running one.

That's it! The net result would be a service running on your desktop/laptop/MacBook in your garage appearing as if it was running on the public remote web host. So then you point your browser to http://myremotehost and your home equipment gets all the traffic. The secret is the "GatewayPorts yes" property that must be set in the remote host's /etc/ssh/sshd_config file. That secret value drops the default common-sense restriction (loopback only) and lets anybody on the internet who can reach port 80 on the remote host talk to the app listening on port 9002 on your home machine. It's only that one forwarded service that's exposed, not the whole box, but it's exposed exactly as the app is, so if the app serves up the pictures of you and the kids looking burnt up at Daytona Beach, FL, the whole internet gets to see them. Treat whatever you forward like a public-facing server (authentication, patches, maybe a firewall rule on the remote host limiting who can hit the port) and tear the tunnel down when you're done.

Now why would you want to do that? There are all sorts of possibilities that arise when you start playing with tunnels. First off, they run through the security of secure shell, a robust tool that I've only begun to understand the capabilities of. (It seems like ssh can do everything from being a secure channel, to enabling sFTP, to being a mountable file system (sshfs) allowing Windows Explorer like file browsing, to recording those 10:30am episodes of Judge Judy while you're at work. Yes, ssh can do that too.) Tunnels work both ways, remote forwarding and local forwarding. If you were behind a firewall that allowed connections to remote ssh hosts but blocked some other port/protocol you could sidestep it by doing something similar to the above but substituting the '-R' with a '-L' for a local forward: -L [local port]:[destination host]:[destination port]. Then ssh listens on the local port on the machine you run the ssh command from, and everything sent there is carried through the ssh connection and handed by the remote host to the destination, which can be the remote host itself (localhost) or anything else it can reach. It's so simple! Setting up a tunnel is a matter of specifying the port you want to forward from and the port you want to forward to! Use your imagination, and happy port forwarding!
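Here is an added example (mine, not code from the post above) that wraps the three steps of the recipe and the -L variant into a few shell functions you can run offline: one that sets GatewayPorts in a copy of sshd_config without leaving a duplicate (sshd honors only the first occurrence of a keyword), one that reads the effective value back, and two that build the -R and -L ssh commands with the sanity checks mentioned above. The user and host names, port numbers and the sample sshd_config lines are all made up.

```shell
#!/bin/sh
# Added example, not part of the original post. Helpers for the ssh tunnel
# recipe: edit GatewayPorts safely, read it back, and build the ssh commands.
# Host names, users, ports and the sample sshd_config below are made up.

# set_sshd_option FILE KEY VALUE
# Replace an existing "KEY ..." line (commented out or not) with "KEY VALUE",
# or append one if none exists. sshd uses the FIRST value it sees for a
# keyword, so blindly appending with >> can leave your new value ignored.
set_sshd_option() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        BEGIN { done = 0 }
        tolower($0) ~ ("^[ \t]*#?[ \t]*" tolower(k) "([ \t]|$)") {
            if (!done) { print k " " v; done = 1 }   # first hit: rewrite it
            next                                     # later hits: drop them
        }
        { print }
        END { if (!done) print k " " v }             # no hit at all: append
    ' "$file" > "$tmp" && cat "$tmp" > "$file"       # cat keeps owner/perms
    rc=$?
    rm -f "$tmp"
    return $rc
}

# get_sshd_option FILE KEY  -> prints the value sshd would use (first match)
get_sshd_option() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# remote_forward_cmd USER HOST REMOTE_PORT LOCAL_PORT [BIND_ADDRESS]
# Print the -R command. -N: no shell, just the tunnel. ExitOnForwardFailure:
# die instead of silently giving a shell when the remote port can't be bound.
# BIND_ADDRESS only takes effect with "GatewayPorts clientspecified".
remote_forward_cmd() {
    user=$1; host=$2; rport=$3; lport=$4; bind=${5:-}
    if [ "$rport" -lt 1024 ] && [ "$user" != root ]; then
        echo "warning: only root can bind port $rport on the server" >&2
    fi
    spec="$rport:localhost:$lport"
    [ -n "$bind" ] && spec="$bind:$spec"
    printf 'ssh -N -o ExitOnForwardFailure=yes -R %s %s@%s\n' "$spec" "$user" "$host"
}

# local_forward_cmd USER HOST LOCAL_PORT DEST_HOST DEST_PORT
# Print the -L command: listen on LOCAL_PORT here, deliver to DEST_HOST:DEST_PORT
# as seen from the ssh server (DEST_HOST=localhost means the server itself).
local_forward_cmd() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -L %s:%s:%s %s@%s\n' "$3" "$4" "$5" "$1" "$2"
}

# Demonstration on a scratch copy of a constructed sshd_config
demo=$(mktemp)
printf '%s\n' 'Port 22' '#GatewayPorts no' 'PermitRootLogin no' > "$demo"
set_sshd_option "$demo" GatewayPorts yes
echo "effective GatewayPorts: $(get_sshd_option "$demo" GatewayPorts)"
remote_forward_cmd me myremotehost 80 9002          # warns: port 80 needs root
local_forward_cmd me myremotehost 8080 localhost 80
rm -f "$demo"
```

Paste the printed ssh command into a terminal (or eval it); on the server, ss -ltn (netstat -ltn on older boxes) should then show the listener on 0.0.0.0:80 rather than 127.0.0.1:80 once GatewayPorts is in effect.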

Use ALSA for OSX Sounds

A follow up to a much earlier post using the same idea: I've modified my old command line shell script to handle .m4a and partially .aif files. The catalyst was my neighbor on the other side of my cube wall. He got tired of hearing my Kopete blips and I'll admit they do sound annoying. So now I opted for the much softer TokyoTrainStationAdiumSoundset from Apple's Adium IM client. Pulling these sounds over was the fun part. Using Konqueror, I drill into my Mac with the "fish://" protocol and navigate to /Applications/Internet/ where all of my Adium sound sets await, eager to invade my hungry little ear drums. I copy them to a folder locally. (Alternatively I could have opened the Adium application bundle in Finder by command tapping or right clicking or two-finger tapping and choosing "Show Bundle Contents". I could then use MacFuse/MacFusion, which is always broken after a run of Mac Janitor, and mount my Linux box to push the files over.) I then dump my earlier shell script somewhere in my path (I named it alsa-play this time) and use it to configure Pidgin. (The same will work with Kopete though I'm using Pidgin now because Kopete has been acting very funny. The big problem is that Kopete refuses to communicate with my buddy's WinXP install of Pidgin... so many variables, so little time to chase them all!) I apt-get install faad which is a command line tool for decoding Apple audio files. Here's the painful part, figuring out which command line parameters to pass to both faad and aplay. (aplay is the command line tool for jamming audio 1s and 0s into your sound card which, in turn, shoves these 1s and 0s down the thin black cable connected to your speakers which eventually convert the numbers into sound by rattling those pricey paper cones located inside their towers. It's amazing how much I've learned about audio... can you tell how much I love the study of sound?)
After various iterations of producing garbled nonsense from failed commands I learned that I was missing an "-f cd" flag on aplay. Who would have known? I'm not even sure I remember what the flag means. (For the record, -f cd is aplay shorthand for 16-bit little-endian samples, 44100 Hz, stereo, i.e. CD audio; it tells aplay the sample format of the stream it is being fed on stdin.) Here's the finished script. (Remember it assumes you have faad, oggdec, and mpg321 installed for conversion purposes; mpg123 takes the same -o alsa flag if that's what your distro ships.)


#!/bin/sh
# alsa-play: play one sound file through ALSA, picking a decoder by extension.
# Needs faad, oggdec, mpg321 (or mpg123) and aplay. Everything is backgrounded
# so the IM client isn't held up while the blip plays.
case "$1" in
   *.m4a|*.aac|*.aif) faad -w -q "$1" | aplay -q -t wav -f cd & ;;   # .aif only partly works (see above)
   *.ogg)             oggdec -Q -o - "$1" | aplay -q & ;;
   *.wav|*.voc|*.au|*.raw) aplay -q "$1" & ;;
   *.mp3)             mpg321 -o alsa "$1" & ;;
   *)                 echo "unsupported file type $1" >&2; exit 1 ;;
esac

Broken screen resolutions in Mepis 7

It's been a while since I've been entrenched in Linux. I used to know this stuff like I know karate. (I took all of two months of Taekwondo which were Tuesday and Thursday evening courses back in the 6th grade.) There was a time I could dcop from KMenu through Amarok and generate Growl-like messages when new apps were installed. Now it feels like a struggle. Today I figured out how to fix my screen resolution in my recent Mepis 7 install. There's a page on the wiki I used as a guide. For whatever the reason my resolution was too low in TwinView mode after installing the NVidia driver (2048×768 combined resolution) leading to some huge fonts that I couldn't understand and other oddities. The fix was as simple as adjusting the MetaModes in my xorg.conf file. The MetaModes option is what controls the available resolutions in the TwinView display settings: each entry is one "left panel, right panel" pair, and only the pairs you list show up as choices. Also, if you're gamma-configuring inclined you may wish to apt-get install the nvidia-settings program to fine tune things like OpenGL and other egghead parameters that I'll only learn about two years from now when I'm stuck on the toilet looking for reading material and decide to pull out the mobile and do some web browsing, finally noticing only a few sites look good on the 8830, Wikipedia being one and JoelOnSoftware the other.
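For reference, this is the shape of the relevant xorg.conf "Screen" section, as an added example rather than anything copied from the post or the wiki page. The two 1280x1024 panels are an assumption (the post only says the combined width came out at 2048×768 and that the fonts were huge); put your own panel resolutions in, highest pair first.

```text
Section "Screen"
    Identifier     "Screen0"
    Device         "Device0"
    Monitor        "Monitor0"
    DefaultDepth    24
    Option         "TwinView" "true"
    Option         "TwinViewOrientation" "RightOf"
    # One entry per TwinView mode, written "left panel, right panel".
    # Only the pairs listed here appear as selectable resolutions;
    # the first pair is the default. (Panel sizes below are assumed.)
    Option         "MetaModes" "1280x1024,1280x1024; 1024x768,1024x768; 800x600,800x600"
    SubSection     "Display"
        Depth       24
    EndSubSection
EndSection
```

Restart X after editing (log out and back in is enough), then check the TwinView resolution list again.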

KDE Katapult Tip

I’ve done this before, all of it. Everything I’ve done to my new Mepis box is a repeat of two years ago but a lot of it I can’t remember… too hazy. That’s why the blog posts.

Today's tip involves Katapult. I fell in love with it because of the way it lists my album art as I incrementally search my music selection. I used to rate it above anything on the Mac until I actually tried a Mac. (Silly me, right!) After having been exposed to Quicksilver for a while (and to that extent even Launchy has a thing or two on Katapult!) I miss the ability to re-index my catalog. What that means is being able to see the things right after you install them. Quicksilver (and I think even Launchy) does this automatically on an interval and gives you the option of manually starting a re-indexing. Katapult, sadly, only indexes on startup. So I have this one line bash command that you can stick in your KDE menu (so Katapult can see it) that will force a rebuild of the index.

dcop katapult MainApplication-Interface quit; katapult

It restarts Katapult, and if you put it in your KDE menu (and stick the Katapult icon on it all nice and cute like) just as I did, then you can invoke it right after you do something like install Pidgin or Groovy, and the next time you bring up Katapult your new install will be there.

Creative Sound Blaster X Fi on Ubuntu Hardy

I got a lot to say but no time to say it. For now just know that I’m back on Linux and fighting with audio incompatibility. It sux because most everything else works on my fresh new Mint Linux (that’s right I’m on Mint now, not Mepis, not Kubuntu…) install. For what it’s worth I think my answers may be here. If you have a Creative Sound Blaster X Fi card and are considering installing the latest version of Mepis, (K)Ubuntu, or Mint, look at this guide:

There’s a blurb about SLAB vs. SLUB don’t ask me what it means just follow along. I’m going to try this myself in another day or so.

DSL installs in minutes

I was falling off. Not able to find the right wizardry to dynamically figure out the home folder of the current executing script. (FWIW use `$(dirname "$0")`, or `$(cd "$(dirname "$0")" && pwd)` if you want it as an absolute path.) Not able to substring a string. Losing familiarity with regex. Seeing "grep" as a typo for grab. I couldn't even figure out how to install IceWM! Now I'm starting to get over all of that. I'm also noticing my hit counter slowly increase from 20 (the neighborhood kids and that funny looking guy at the supermarket) to an average of 23! (I believe that funny looking guy told a couple of his co-workers about me.) I know why my stats have been so low. It's because I ain't been talking about nothing productive. All that's going to change. I'm going to get back in the Groove with Groovy and link up with Linux. Best of all I'll bring all of the wholesome goodness of DSL dynamicism and hidden config properties back to the forefront of these pages. That coupled with my eventual foray into Objective C for iPhones and AppleScripting will hopefully make the above address worth bookmarking.

Starting today I wanna talk about DSL. There are a few ways to interpret DSL. Digital Subscriber Line, Domain Specific Language are common expansions. Using them in the below text would lead to loss of context. It would spur an overconfident feeling of familiarity. It would inspire the usual geek eggheadedness that results in comments that address questions that were never asked and oppose arguments that were never originated. Simply put, it would confuse the batcrap out of you. The DSL I'm referring to is Demi-Sized Linux or better known by its street name Damn Small Linux. It's called Damn Small because it's damn small! Weighing in at under 50MB, small enough to fit on a USB stick from four years ago, and powerful enough to launch Firefox and browse the far corners of YouTube, it's a quite interesting collection of ones and zeros. I'm using it to power these old PCs that I'm fixing up for a local community center. Let me tell you about these machines. They were all donated from various sources (banks, schools, construction plants, etc.) and most of them have between 64 and 128MB of RAM, barely PII class processors with these tiny 2GB hard drives. Some of them don't boot and when they do they run the old Win98 scan disk which flags half of the hard drive as dead. I've run through about 4 or 5 different distros trying to find one that'll work for such a task. Starting with Xubuntu because the Ubuntu project is soo off the rails hype and working my way past Mepis, I eventually weeded my selection down to Puppy and DSL. These are the two most popular mini distros and if you're looking to revitalize a low end box or if you just want something you can sport on your key chain most people look to one of these. Puppy looks much more visually appealing with the little doggy and I managed to get it to load and partly install on one box with a bum hard drive. The others, Xubuntu, Mepis, Knoppix, etc. wouldn't get past the splash screen.
I started using DSL because no matter how crappy the hardware was it always, always booted up. And it boots in about a minute or less.

So now I got this one box I've been really working hard on. I pulled the thing apart, and managed to replace the hard drive with an old Maxtor I had sitting in a desk for about a decade. I started to boot Puppy but opted for DSL. You know what? Within 10 minutes I not only had the thing booted, I had a fresh reboot with a working hard drive install of DSL. Try that with any Windows CD! Try that with any operating system!!! I've had similar experiences installing other Linux distros like Mepis and Mint but DSL really takes the cake... and eats the cake. I just thought I'd share my tale with anyone else out there who may be looking to rebuild an old box or something like that.

Losing the Linux touch

I thought I was picking Linux up rather quickly at my last job. Alas, since I've started working here, at the leading Mapping provider, I've been far removed from the Penguin. I find myself struggling with the simplest things, like how to extract a tar.gz from the command line. I special requested a Linux machine which sits on the corner of my desk unused since my hire date. I just haven't had the time to get back into it. I feel sooo dirty. So shameful! Not only have I neglected GSpec (by the way, y'all check out EasyB) I've turned away from Linux. I'm not the same guy I used to be. The other day I spent an hour trying to figure out how to evaluate the parent folder of the current executing script in bash. I still don't have it. This is a problem I encountered long ago. I found the solution. I just can't remember what it was! Linux is a lot unlike learning to ride a bike. Y'know how once you learn how to balance on two wheels you never forget? Well Linux is the exact opposite of that. It's one of those things where if you cheat and go back to Windows or some other GUI you have to re-learn everything you knew or thought you knew on Linux. At home I've been struggling with DSL. I could barely get Synaptic installed. And after that I installed IceWM but couldn't figure out how to launch it. It's getting real bad. If I had the time I'd change the header picture on this blog and remove the Linux background part. I wouldn't even replace it with OS X because I've just been feeling very under-confident lately. It's like I know where to look, I have a rough idea of how to do things but getting things done has become way more involved than it used to be. I used to have a solution in a few mouse clicks. A command or two. A quick Google search. Nowadays, I can't query my way out of a parked car. I'm losing it y'all! Help!!!