The SSH protocol is a useful tool available on all our servers which allows our customers to access the command prompt on our server over an encrypted connection (whereas telnet communications are un-encrypted and can be read easily over the Internet).
However, unlike telnet, SSH also offers a number of extra features over and above just access to a command prompt:
In this article, we'll be looking at the Port Tunneling option.
Normally you wouldn't. Most of our main protocols support encrypted communications to protect your traffic (currently these are SSH, SMTP, IMAP/POP3, HTTP and Plesk). However, there are some cases where the ability to redirect a port is useful - namely when working with database servers.
As detailed in the following Knowledgebase article, remote access to the database servers has been disabled by Plesk, and consequently by us, as the server will reject all connections apart from those that come from the server itself.
By redirecting the port you overcome the two restrictions in establishing a connection: First, you will be connecting to localhost on your system, which is then redirected as localhost to the remote system - all communications will appear to both systems as though it comes from their computer & hence match the host valid in the user's configuration, allowing you to log on.
Secondly, although you're using a port blocked by the firewall, because the communications are done over the SSH protocol, which isn't blocked, and the traffic is carried within the SSH protocol, the firewall will accept the traffic, allowing it to flow and for you to talk to the database server.
How you establish a tunnel will depend on which system you're on. Below is a list of the different operating systems and how to connect.
Note: SSH is not enabled by default on any account. For details about this, and how to get access enabled, please see:
Can I have access to the command line (i.e. SSH)?
The easiest systems are Linux/Unix-based systems (of which Mac OS/X is a derrivative), as almost all distributions now come with the ssh program (along with the scp and sftp programs) by default. All you need to do is to load up a terminal session (or command prompt) on your system and run the following command:
# ssh -l username -L1234:localhost:2345 server.jabservers.co.uk
where username is the FTP username for your domain's master FTP account (the one with SSH enabled on), 1234 is the source port on your system (see below for a list of ports), 2345 is the destination port (can be the same as, or different to, the source port) and server.jabservers.co.uk is the name of the server you are connecting to.
For example:
# ssh -l jabwebsolutions -L3306:127.0.0.1:3306 gamma.jabservers.co.uk
will connect to gamma.jabservers.co.uk, using the username jabwebsolutions, redirecting the MySQL port.
When the program is run, you will be connected to the server via a command prompt. So long as the command prompt is open and you can see the console, it will forward the port for you. To exit, either shut down the window (if opened in a window), or type exit at the command prompt.
For Windows, you will need to obtain the PuTTY program (freely available from Simon Tatham's Web Site, as well as our PuTTY 0.59 download page).
Once installed, run the PuTTY program and you will be presented with a small window, with a list of options of the left and a number of fields for details on the right:
When you connect, you'll be asked for your username and then your password in order to log on. Again, as with Linux/Unix above, so long as the window is open and you can see the console (and PuTTY doesn't show '(disconnected)' in the title bar), it will forward the port for you. To exit, close down the window or type exit on the command-prompt.
Below is a list of ports which you may use this technique with:
 Add a Comment |