How to assign a hostname to SSH tunnel
What you describe is not possible. But there's still good news:
What is possible, however, is to establish a Dynamic connection with the SSH Server. This will open a port on your local computer to which you can point the Proxy setting of your Browser and allow you to use the tunnel as a proxy server. But you have to type a hostname/ip and port into the browser as if the browser were running on the machine the SSH Server is on.
Command looks like this: ssh [email protected] -D 1234
Then point your browser's proxy to localhost:1234.
So if you tunnel into Server A, and want to connect to server B, you type into your browser whatever address you would type into a Browser running on Server A. If a browser running on server A could not connect to Server B (if the process on Server B only listens on 127.0.0.1) then you still couldn't connect. It sounds like you just have the one server, but I wanted to be sure this was clear.
If you just have the one server, you tunnel into it with the Dynamic connection, set your proxy. You will then be able to type "localhost:1234" (for example) into the browser and it will connect to the service running on the remote server on port 1234.
Security Side Note: Never never never set up a server where root can SSH in! Serious security flaw. Create a normal user account (who is allowed to su or sudo) and SSH in as that user.
You can assign a name by using the fact your loopback adapter will basically respond to any address in the 127.0.0.0/8 network.
So instead of binding to port 4321 you could bind to 127.1.2.3:4321. Then simply set up a host entry that maps a name to the loopback address that you used, so foo.bar maps to 127.1.2.3.
In my SSH configuration on my admin workstation I have many tunnels configured so that they bind to some address in the loopback range, and I have entries in my host file so I open up many tunnels in parallel using the same port and distinguish between them via name.
So if you connect like this
ssh [email protected] -g -L 127.1.2.3:4321:localhost:28017
And your hosts file has a line like this.
127.1.2.3 my.tunnel.name
Then you should be able to connect to my.tunnel.name:4321 from your local machine.
If you have additional IP address space on the network your ssh client is connected to, you could even assign a secondary address to your Ethernet interface and use one of your real IPs, and then set up entries in your DNS if you wanted other systems to be able to use your SSH tunnel.
The -L option, -L [bind_address:]port:host:hostport, will let you use any valid IP address on the local system to bind to. You do need to include the -g option as well if you want other hosts to be able to connect via your ssh tunnel.
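A pre-flight check for the loopback-address scheme in the answer above, as an added example that is not part of the original answer: it confirms that each tunnel's bind address lies in 127.0.0.0/8 and that the hosts file maps the tunnel name to that same address, then prints the ssh command to run. The helper names, user@gateway.example, the second/lan/missing entries and the temporary hosts file are constructed; -g is left out because these tunnels are meant for local use only.

```shell
#!/bin/sh
# Added example; names, addresses and sample data are constructed unless noted.

# is_loopback ADDR: succeeds only for a dotted quad inside 127.0.0.0/8.
is_loopback() (
  case $1 in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
  IFS=.; set -f; set -- $1
  [ $# -eq 4 ] && [ "$1" -eq 127 ] || exit 1
  for o in "$2" "$3" "$4"; do [ "$o" -le 255 ] || exit 1; done
)

# hosts_lookup NAME FILE: print the first address FILE maps NAME to.
hosts_lookup() {
  awk -v n="$1" '{ sub(/#.*/, "") }
    { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$2"
}

# check_tunnel NAME BIND FILE: print a verdict; non-zero status unless "ok".
check_tunnel() (
  is_loopback "$2" || { echo not-loopback; exit 1; }
  mapped=$(hosts_lookup "$1" "$3")
  [ -n "$mapped" ] || { echo no-hosts-entry; exit 1; }
  [ "$mapped" = "$2" ] || { echo hosts-mismatch; exit 1; }
  echo ok
)

SAMPLE_HOSTS=$(mktemp)            # stand-in for /etc/hosts
trap 'rm -f "$SAMPLE_HOSTS"' EXIT
cat >"$SAMPLE_HOSTS" <<'EOF'
127.0.0.1   localhost
127.1.2.3   my.tunnel.name      # pair used in the answer above
127.1.2.4   second.tunnel.name
192.0.2.10  lan.tunnel.name     # not a loopback address
EOF

# Planned tunnels: name, bind address, local port, remote target.
while read -r name bind port target; do
  if verdict=$(check_tunnel "$name" "$bind" "$SAMPLE_HOSTS"); then
    echo "ssh -N -L $bind:$port:$target user@gateway.example  # $name:$port"
  else
    echo "skip $name ($bind): $verdict"
  fi
done <<'EOF'
my.tunnel.name      127.1.2.3   4321  localhost:28017
second.tunnel.name  127.1.2.4   4321  localhost:28017
lan.tunnel.name     192.0.2.10  4321  localhost:28017
missing.name        127.1.2.5   4321  localhost:28017
EOF
```

The first two tunnels share local port 4321 and are told apart only by loopback address and name; the last two are skipped with the reason printed.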
Create a Dynamic application-level port forwarding (socks proxy basically) with your SSH tunnel, and then point your applications through this one. To create a dynamic tunnel, connect as follows:
ssh [email protected] -D 127.0.0.1:31337
Then configure your application to use this as a SOCKSv5 proxy.
If you want a hostname bound to this, just add /etc/hosts entries that point to 127.0.0.1, but a prettier way might be to add 127.0.0.2 for the first tunnel, and a hosts entry for this one, 127.0.0.3 for the second tunnel and a separate host entry for this one, etc. If you add aliases for 127.0.0.1, sometimes this alias will appear in other commands' lookups of localhost, which can be confusing!
To smoothly use this in a web browser you can use a proxy addon. As an example, I favor the Chrome web browser, and for this one I use an addon called Proxy Switchy! You can download it here:
https://chrome.google.com/webstore/detail/caehdcpeofiiigpdhbabniblemipncjj
In the configuration of this addon I can define several separate proxies, and then bind regular expressions of hosts/URLs to use certain proxies. This way I'll always be properly redirected through the right tunnels without having to manually switch. Please let me know if you need further clarification on any of the steps!