KGS Issue - SSH Tunnel

    Keywords: Online Go

CBlue: Some people might not be able to connect to KGS due to port restrictions of their firewalls. In that case, you might want to try to use a so-called 'SSH Tunnel' to connect to KGS over different TCP ports which are not blocked by the firewall. Here is how it works...

Short explanation of how SSH tunnels work:

-you need a 2nd machine in the middle, which connects your machine and the KGS server.

-your restricted PC behind the firewall runs an SSH client (for windows use puTTY for example).

-now you configure your CGoban2 to connect to your own SSH client on your local machine(!) instead of the remote KGS server. The SSH client will then forward the connection on a different port (which is accepted by your firewall) and hence be able to bypass the firewall.

-the SSH client forwards the connection from CGoban2 to the 2nd machine, which is running an SSH server and knows what to do with the incoming 'SSH-packets-which-really-contain-wrapped-KGS-packets'.

-the SSH server on the 2nd machine will unwrap the KGS packets and send them to the KGS server. In return, it will wrap packets sent by the KGS server into SSH packets and send them back through the firewall to your local PC. There, your SSH client will extract the KGS packets from the incoming SSH packets and forward the KGS data to your local CGoban2 client.

Here is a sketch:

PC at work (firewalled) CGoban2->SSH client --transmitting SSH packets over the internet--> SSH server --transmitting 'KGS' packets over the internet--> KGS server

So what do you need?

-an SSH client which supports forwarding, for example puTTY. You can get it here: [ext] http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

-another machine which runs an SSH server which you can access (you need to have an account in order to log in there). If you don't have such a machine, you can set up one yourself. For example you can use your PC at home if you want to bypass the firewall at your working place. In that case what you need to do is to install an SSH server on your home PC so it can connect your PC at work and the KGS server. You can download a free SSH server for windows here for example [ext] http://sshwindows.sourceforge.net/ (opensshd)

How do I set up my SSH client?

puTTY is used for these instructions

Enter a custom name at 'Saved sessions', for example 'My KGS tunnel'.

Click on 'SSH' option, port will automatically switch to '22'.

At hostname, enter the name or IP of the 2nd machine and port of its SSH server (usually 22. If the firewall blocks port 22 too, you will have to switch to a different port, and configure the ssh server accordingly to listen on that port instead of 22. Usually port 80 or the port of your http proxy might work.)

Go to Connections / SSH / Tunnels. Enter '2379' (the KGS port) at 'Source port' and enter 'goserver.gokgs.com:2379' at 'Destination'. Hit the 'Add' button to save that.

Go back to 'Session' and hit the 'Save' button to save all this.

Click 'Open' to start the SSH tunnel! A window will open and prompt you for the username and password of the user. (If you installed your own SSH server, it's the name/pw you chose in the mkpasswd command). Afterwards, just leave the window open, move it to the background and ignore it. If you close it, the connection (and the tunnel) will be shut down.

Note: if you use Linux, *BSD, or OSX, you can type this into a terminal (where HOSTNAME is the computer through which you will be forwarding the connection):

ssh -L 2379:goserver.gokgs.com:2379 HOSTNAME

Fire up CGoban2. Go to 'Configure' and replace the KGS server 'goserver.gokgs.com' by simply 'localhost' to make CGoban2 send the KGS packets to the SSH client on the same machine which is now listening on port 2379.

Start CGoban2, log in, play.

How do I set up my own SSH server?

If you installed opensshd for Windows (link is given above), configure it according to the included quickstart.txt. That is: Open command prompt, switch to its \bin directory, and run

 mkgroup -l >> .\etc\group
 mkpasswd -l -u <a valid windows username> >> ..\etc\passwd
 Example: mkpasswd -l -u Administrator >> ..\etc\passwd

Or omit the username in order to add ALL users from your machine.

Start the server by typing

 net start opensshd

You can shut it down with

 net stop opensshd

In case you want to change the default SSH port (22) to a different value, fire up a text editor and uncomment (remove the #) and change the 'port' entry in file 'ssh_config' in directory /etc accordingly.

(note that opensshd uses cmd shell, so don't try 'ls' but 'dir' instead.)

(email: c_blue@gmx.net)


revo: The firewall at my workplace doesn't allow any port. The only way out is through the proxy server. So I started developing a KGSoverHTTP-Tunnel. See KGS Issue - HTTP Tunnel for more information.

Joorin: puTTY supports handling of HTTP proxies. Look in the proxy configuration for your browser and use the IP and port in the puTTY settings. Just keep in mind that some HTTP proxies are pickier than others and that it won't always work.


KGS Issue - SSH Tunnel last edited by 82.183.138.148 on October 21, 2010 - 07:37
RecentChanges · StartingPoints · About
Edit page ·Search · Related · Page info · Latest diff
[Welcome to Sensei's Library!]
RecentChanges
StartingPoints
About
RandomPage
Search position
Page history
Latest page diff
Partner sites:
Go Teaching Ladder
Goproblems.com
Login / Prefs
Tools
Sensei's Library