I had the pleasure of installing an IBM Connections pilot for a customer together with Etienne Döhler a few weeks back.

One of the obstacles we faced during the install was a rather sealed off RedHat GNU/Linux box that had only port 22 (ssh) open to the PCs we were using for the install (fortunately with X11 installed and X11 forwarding allowed). As the customer wanted the IBM HTTP Server (IHS) to listen on 8080/8443 for the communication with the already existing Reverse Proxy (RP, managed by Lufthansa), they also opened that port, but only for connections with the RP.

One of the "best practices" I try to convey at Social Connections et al. is that you should always test your install without a Reverse Proxy, Load Balancer, ... and make sure everything works before you introduce the additional complexity of a Reverse Proxy or similar.

So how to connect to the IBM Solutions Console and the IHS when the only open port to that machine is SSH (22)? Well, SSH and its config file to the rescue!

SSH has a nifty feature called port forwarding. This allows you to forward local ports to a remote machine. Together with some creative hosts file editing, you can use your local browser to access the remote machine as if the necessary ports were open on the remote machine.

We needed the following URLs to work:

  • https://machinename.example.com:9043/ibm/console
  • http://machinename.example.com:8080/homepage
  • https://machinename.example.com:8443/homepage

So the first thing to do was to modify the hosts file to point machinename.example.com to    localhost machinename.example.com

And then create an entry in ~/.ssh/config with the local port forwarding and further settings to spare us some typing:

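Host customername
        # Specify destination host by IP, as we have a hosts entry for the name
        HostName <IP address of the server>
        Port 22
        User zaphod
        IdentityFile ~/.ssh/customername_rsa
        Compression no
        AddressFamily inet
        ForwardX11 yes
        # LocalForward needs a local listen port and a target that is resolved
        # on the remote host; localhost:<same port> is assumed here
        LocalForward 9043 localhost:9043
        LocalForward 8080 localhost:8080
        LocalForward 8443 localhost:8443
        PreferredAuthentications publickey,keyboard-interactive,password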

So with a simple "ssh customername" I can now connect to the GNU/Linux machine with the key I created for that purpose and have X11 forwarding as well as local port forwarding activated. And as long as that ssh session is open, I can now access the ISC and the IHS in my local browser as if 9043, 8080 and 8443 were open network ports on the remote box.
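A quick lint for a stanza like the one above, as an added example that is not part of the original post: it flags LocalForward lines that lack a target and forwards that would listen on more than the loopback interface, which would offer the customer's admin console to everyone on your own network. The function name `audit_forwards` and the sample stanza are constructed for illustration, and the check looks at a single stanza only (no Include or Match handling).

```shell
#!/bin/sh
# Syntax per ssh_config(5): LocalForward [bind_address:]port host:hostport
# Without a bind address ssh listens on loopback only, unless GatewayPorts is yes.
# An empty bind address or "*" means all interfaces.

audit_forwards() {
    # Reads one ssh_config stanza on stdin, prints a verdict per LocalForward
    # line and returns non-zero if any line is incomplete or exposed.
    awk '
    tolower($1) == "gatewayports" { gw = (tolower($2) == "yes") }
    tolower($1) == "localforward" { n++; listen[n] = $2; target[n] = $3 }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            l = listen[i]
            if (target[i] == "") { print "INCOMPLETE " l; bad = 1; continue }
            if (match(l, /:[0-9]+$/)) {
                # Explicit bind address: everything before the final :port
                bind = substr(l, 1, RSTART - 1)
                wide = (bind != "localhost" && bind != "127.0.0.1" && bind != "[::1]")
            } else {
                # No bind address: loopback unless GatewayPorts yes
                wide = gw
            }
            if (wide) bad = 1
            tag = wide ? "EXPOSED " : "OK "
            print tag l " -> " target[i]
        }
        exit bad
    }'
}

# Constructed sample: one correct forward, one missing its target,
# one bound to every interface.
SAMPLE='Host customername
    LocalForward 9043 localhost:9043
    LocalForward 8080
    LocalForward *:8443 localhost:8443'

printf '%s\n' "$SAMPLE" | audit_forwards || echo "fix the flagged LocalForward lines"
```

To check your real file, feed it the relevant stanza, for example by piping the lines of the `Host customername` block into `audit_forwards`.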

And it was a good thing that we were able to test directly with the IHS and verify that everything was working as expected, as the RP had disabled SSLv3, which broke the IBM Connections Widgets at that time. But that is a story for another blog entry.

For more SSH voodoo, see my "Was, SSH kann auch das?" talk at the Grazer Linuxwochen 2013 (in German).

This is the Blog of Martin Leyrer, currently employed as a Senior Lab Services Consultant at HCL Digital Solutions.

The postings on this site are my own and do not represent the positions, strategies or opinions of any former, current or future employer of mine.