On 11/12/20 7:50 AM, Jonathan Billings wrote:
> On Thu, Nov 12, 2020 at 12:56:15PM +0000, Bernstein, Noam CIV USN NRL (6393) Washington DC (USA) via CentOS wrote:
>> If the point is to access a specific web site only the remote
>> machine can get to, you can also do it with port forwarding:
>>    ssh -L 8000:ip_of_web_site_to_access_from_remote:443 remote_machine
>> and then locally run any browser, and access
>>    https://localhost:443
>> (assuming it's https. If it's plain http, use "http" and 80). Note
>> that you'll be breaking some aspects of https security such as
>> man-in-the-middle protection and perhaps others, and you'll need to
>> accept some security exceptions.
>>
>> This will be useful if the point is to get to a web site only
>> the remote machine can connect to, but all the browser code/plugins
>> will be the local ones.
> If this is actually something you want to do with regularity, I
> suggest using the SSH SOCKS proxy (with the DynamicForward port), and
> configure Firefox to use the localhost:port as a SOCKS5 proxy. Then
> all traffic in firefox will be routed over the ssh connection. It
> won't break SNI and for the most part, everything will work in firefox
> as if you were connecting from the remote side of the connection.
>
> It works with yum and dnf too, where you can use RemoteForward to set
> up a proxy port on the remote side, set the 'proxy' settings in the
> configuration, and all yum/dnf traffic will go over the established
> SSH connection. Why would you do this? Well, if you've got a system
> that's sitting inside a private, not NAT'd network and your
> workstation/jumphost has a VPN enabled but you don't have it enabled
> on the remote side, you can update a system without doing a lot of
> complicated network magic. Now imagine using Ansible to do this,
> which is already setting up SSH sessions...
>

Sounds interesting, can you point me to any examples / how to's to set this up?

Thanks
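
An added example, not part of the original thread: an OpenSSH client configuration for the two forwards described above (DynamicForward for the browser, RemoteForward for dnf). The host alias, the port numbers and the HTTP proxy address `proxy.example.internal:3128` are assumptions made for illustration.

```sshconfig
# ~/.ssh/config on the workstation / jump host.
# "remote_machine" is the host alias used in the thread; ports are assumed.
Host remote_machine
    # Browser case: open a SOCKS listener on the workstation's loopback only.
    # Connections made through it leave from remote_machine.
    DynamicForward 127.0.0.1:1080

    # Package-manager case: open a listener on remote_machine's loopback and
    # carry it back over the SSH session to an HTTP proxy that only the
    # workstation can reach (assumed address, e.g. one behind the VPN).
    RemoteForward 127.0.0.1:3128 proxy.example.internal:3128

    # Fail the connection instead of continuing silently when a listener
    # cannot be bound, so a missing forward is noticed straight away.
    ExitOnForwardFailure yes

# Firefox (Settings > Network Settings > Manual proxy configuration):
#   SOCKS Host: 127.0.0.1   Port: 1080   SOCKS v5
#   Enable "Proxy DNS when using SOCKS v5" so hostnames are resolved on the
#   remote side and lookups do not leak to the local resolver.
#
# On remote_machine, in the [main] section of /etc/dnf/dnf.conf:
#   proxy=http://127.0.0.1:3128
#
# Both listeners are bound to 127.0.0.1 so other hosts on either network
# cannot connect to them. Any local user on the machine holding a listener
# can still use it for as long as the SSH session is open.
```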