I did some more research, and learned a few things.
For the benefit of others who may not know:
Question: I don't have much experience with ssh port forwarding.
If I already have the SOCKS proxy working, how, exactly, would I accomplish step #2?
With the 8080 socks proxy working, I've now tried to run this command:
ssh -L 5902:127.0.0.1:5901 username@ovirt-host-ip
And in this case, I'm "assuming" that 5902 is going to listen on my local
computer, and that I need to edit the vv file to connect to 127.0.0.1, port 5902.
That's not working.
Answer: A SOCKS5 proxy does not forward all network traffic.
It's a "layer 5" proxy (hence the name, SOCKS5). It is not an application
proxy. This is a good primer:
https://securityintelligence.com/posts/socks-proxy-primer-what-is...
The following tidbit from the above URL made it clear to me:
Since SOCKS sits at layer 5, between SSL (layer 7) and TCP/UDP (layer 4), it can handle
several request types, including HTTP, HTTPS, POP3, SMTP and FTP. As a result, SOCKS can
be used for email, web browsing, peer-to-peer sharing, file transfers and more. Other
proxies built for specific protocols at layer 7, such as an HTTP proxy that is used to
interpret and forward HTTP or HTTPS traffic between client and server, are often referred
to as application proxies.
My solution:
I wound up getting sshuttle, and that is working perfectly for my needs.
Here's a primer on that:
https://www.techrepublic.com/article/how-to-use-ssh-as-a-vpn-with-s...
After I installed sshuttle on my local machine, this is how I'm establishing a
connection to the datacenter:
sudo sshuttle -e "ssh -i /home/user/.ssh/id_rsa" -r user@1.2.3.4 -x 1.2.3.4 0.0.0.0/0
Note that "1.2.3.4" is my remote IP address in the above example.
Also note that I've had to enter in the remote IP address twice (once when passing it
in using the -x argument).
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, April 17, 2021 5:01 AM, David White via Users <users(a)ovirt.org> wrote:
In short, I have ssh to the datacenter. I can ssh to a public IP
address with the "-D 8080" option to forward local port 8080 to act as a SOCKS
proxy.
I then edit my local computer's proxy settings and set the SOCKS host to 8080. So
this is a system-wide change. I'm not setting the SOCKS proxy in the browser
preferences.
After I do all that, I'm able to use my browser to get to the engine web UI, and
I'm able to login.
However, the console for each VM isn't working.
In the thread I linked to above, Alan says to do this:
2. SSH to the hypervisor tunneling a local port to that remote console port.
3. Click on the console link in the Engine and locally save the vv file.
4. Edit the vv file; change host to localhost and port to whichever port you configured
for the local side of the tunnel.
Question: I'm confused why I need to tunnel a local port to the
remote console port, if I'm already tunneling port 8080 to the host.
Question: I don't have much experience with ssh port forwarding.
If I already have the SOCKS proxy working, how, exactly, would I accomplish step #2?
With the 8080 socks proxy working, I've now tried to run this command:
ssh -L 5902:127.0.0.1:5901 username@ovirt-host-ip
And in this case, I'm "assuming" that 5902 is going to listen on my local
computer, and that I need to edit the vv file to connect to 127.0.0.1, port 5902.
That's not working.
Maybe I don't understand how SOCKS proxies work, but I was hoping
/ under the impression that all of my network traffic would go through the ssh tunnel on
port 8080, and that vnc would work at that point.
Sent with ProtonMail Secure Email.
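
Steps 2 to 4 quoted in the thread above (tunnel a local port, save the vv file, point its host and port at the tunnel), as an added example that is not part of the original messages or of oVirt. It assumes the saved file uses the virt-viewer INI layout with host= and port= under [virt-viewer]; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: retarget a saved console.vv at the local end of an ssh -L tunnel.
# Assumes the virt-viewer INI layout: a [virt-viewer] section with host= and port=
# (plain VNC-style console; a tls-port= entry would need its own forward).

# vv_get FILE KEY: print KEY's value from the [virt-viewer] section.
vv_get() {
    awk -F= -v key="$2" '
        /^\[/ { insec = ($0 == "[virt-viewer]") }
        insec && $1 == key { sub(/^[^=]*=/, ""); print; exit }
    ' "$1"
}

# vv_localize SRC DST LOCAL_PORT: copy SRC to DST with host/port pointing at the
# tunnel's local side; every other key (type, password, ...) is kept as-is.
vv_localize() {
    awk -F= -v lport="$3" '
        /^\[/ { insec = ($0 == "[virt-viewer]") }
        insec && $1 == "host" { print "host=127.0.0.1"; next }
        insec && $1 == "port" { print "port=" lport; next }
        { print }
    ' "$1" > "$2"
}

# vv_tunnel_cmd SRC LOCAL_PORT SSH_TARGET: print the matching ssh -L command.
# The local side is bound to 127.0.0.1 so only this machine can use the forward;
# the far side is the host:port from the file, as seen from the SSH server.
vv_tunnel_cmd() {
    printf 'ssh -N -L 127.0.0.1:%s:%s:%s %s\n' \
        "$2" "$(vv_get "$1" host)" "$(vv_get "$1" port)" "$3"
}

# Constructed sample file (values are placeholders, not from a real Engine).
vv_demo() {
    dir=$(mktemp -d)
    printf '%s\n' '[virt-viewer]' 'type=vnc' 'host=192.0.2.10' 'port=5901' \
        'password=CONSTRUCTED' 'delete-this-file=1' > "$dir/console.vv"
    vv_tunnel_cmd "$dir/console.vv" 5902 username@ovirt-host-ip
    vv_localize "$dir/console.vv" "$dir/console-local.vv" 5902
    cat "$dir/console-local.vv"
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then vv_demo; fi
```

Run the script with the argument demo to see the generated ssh command and the rewritten file for the constructed sample.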