SecureCRT supports the SSH feature called forwarding (Chapter 9), in which another network connection can be passed through SSH to encrypt it. It is also called tunneling because the SSH connection provides a secure "tunnel" through which another connection may pass. Both TCP port forwarding and X forwarding are supported. (As well as agent forwarding, as we mentioned earlier.)
Port forwarding permits an arbitrary TCP connection to be routed through an SSH connection, transparently encrypting its data. [9.2] This turns an insecure TCP connection, such as Telnet, IMAP, or NNTP (Usenet news), into a secure one. SecureCRT supports local port forwarding, meaning that your local SSH client (SecureCRT) forwards the connection to a remote SSH server.
Each SecureCRT session you create may have different port forwardings set up. To set up forwarding to a particular remote host, open the Session Options window and select Connection/Port Forwarding.
To create a new forwarding, first click the Add button to display the Local Port Forwarding Properties window, as in Figure 17-4. Then enter:
- Name
Any descriptive name for your forwarding, to help you remember what it does.
- Local
The port number on your local machine to connect to the secure tunnel. This can be just about any number, but for tradition's sake, make it 1024 or higher. Choose a local port number that's not being used by any other SSH client on your PC. If you want to restrict the local IP address that allows connections (i.e., if your PC has multiple network addresses), check the associated checkbox ("Manually select local IP addresses...") and fill in the address.
- Remote
The port number of the remote service, such as 119 for NNTP or 143 for IMAP. The remote machine, by default, is the same one used for your SecureCRT session, but you can change this by checking "Destination host is different from the SSH server" and entering the hostname where the remote service is found. But beware: you can produce a non-secured tunnel with this kind of third-party forwarding if you're not careful.
- Application
SecureCRT can run an external program for you to take part in the forwarding. For example, if you're forwarding to an IMAP mail server, SecureCRT could launch your mail client. If you want this behavior, enter the path to your desired application program.
When you're done, click OK to save the forwarding, and your desired TCP port will be forwarded for the duration of your connection.
The X Window System is the most popular windowing software for Unix machines. If you want to run remote X clients that open windows on your PC, you need:
A remote host, running an SSH server, that has X client programs available
An X server running on your PC under Windows, such as Cygwin/X or X-SecurePro
SSH makes your X connection secure by a process called X forwarding. [9.4] Turning on X forwarding is trivial in SecureCRT. Simply put a checkmark in the checkbox "Forward X11 Packets." It is found in the Session Options window under Connection/Port Forwarding/X11.
To secure an X connection by forwarding it through SSH, first run SecureCRT and establish a secure terminal connection to the SSH server machine, with X forwarding enabled. Then run your PC's X server, disabling its login features such as XDM. Now simply invoke X clients on the server machine.