SSH, PPP, and SLIRP

Let’s face it. Sometimes you need network-wide access via SSH. Port redirection does not cut it, and PermitTunnel may be disabled. Here is an old-school program that works very well: slirp. Slirp was born in a day when there was no consumer broadband access. It could turn a Unix shell account into a PPP or SLIP account. In other words, all of your applications could have Internet access. For a trip down memory lane, here is a snippet from the man page:

       Slirp is a TCP/IP emulator which turns an ordinary shell account into a
       (C)SLIP/PPP account. This allows shell  users  to  use  all  the  funky
       Internet applications like Netscape, Mosaic, CUSeeMe, etc.

Mind you that once installed, your bandwidth is still limited to 115200 baud, meaning your overall throughput will be slow by today’s standards. For VNC or terminal connections, this is plenty.

What is required:

And here is a basic connection script:

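#!/bin/bash

# Run pppd over a pty whose other end is ssh running slirp in PPP mode (-P).
# updetach keeps pppd in the foreground until the link is up, then detaches,
# so the route command below runs while ppp0 exists.
/usr/sbin/pppd updetach pty "ssh -t -e none target-host.example.net slirp -P" \
   netmask 255.255.255.0 connect-delay 5000

# Send traffic for the remote network through the PPP link.
route add -net 10.1.1.0/24 ppp0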

This script assumes that target-host.example.net is on the 10.1.1.0/24 network. We run pppd, with ssh as the connection script. ssh connects to target-host and then runs slirp in PPP mode on the terminal, which then starts negotiating with pppd. Three programs (pppd, ssh, and slirp) do the magic.

Not only is this useful, but think of the reverse path. Could someone get back to you while using slirp? First, any activity would appear from target-host.example.net. If target-host.example.net were compromised, they would have to then compromise slirp (and through it, speak PPP) in order to get a path back to your host. I was unable to find such a boast on the Internet.
