Accessing CCRMA-Only Web Content with SSH Web Tunneling

So you are away from CCRMA, and you want to access web content which is only readable from CCRMA?

Well there is a way. It's a little tricky, depending on how the pages you are trying to look at have been coded, but it's nothing you can't handle.

There is a way using ssh to send a port through your ssh session, in a secure tunnel. It is not as hard as it sounds.

The CCRMA web server, like most webservers, is on port 80. (If you don't know what that means, it's not important!) What we are going to do is forward port 80 on the CCRMA webserver to port 8888 on your local machine. Then, you can point your browser to that port on you local machine and you will see the CCRMA webserver. The catch is that to the CCRMA webserver, you appear to be coming from the ccrma machine you have logged into, and the web traffic from your machine to the ccrma machine is encrypted!

Now for some examples.

The first step is to connect to CCRMA using ssh. You'll do this as you normally do, but with port forwarding enabled. If you are using Putty under Windows, click here. In Linux, MacOS X, any other unix, or in Windows under Cygwin, you can type the following command:

ssh ccrmahostname -l username -L 8888/ccrma.stanford.edu/80

So if your username is mortimer and you wish to connect through ccrma-gate you would type the following:

ssh ccrma-gate.stanford.edu -l mortimer -L 8888/ccrma.stanford.edu/80

You will then be prompted for your password and logged in just as you would be for any ssh session. As long as the session is active, you have a secure tunnel into the CCRMA website.

If you go to your browser, you should be able to go to the following URL:

http://localhost:8888/

It should show you the CCRMA homepage! You can surf to the restricted pages and they will be available to you. When you exit from the ssh session, if you try to go to http://localhost:8888/ it will say connection refused.

Now for the tricky part!

There is a catch here. Depending on how the instructor has coded the HTML of the web page, it may rewrite the URL to go to CCRMA directly, instead of through the tunnel. You can see this when you put the pointer over a link. In the line on the bottom of the browser you will see the actual URL the link will take you to. Some will say localhost:8888 like you entered in your browser, others will say ccrma.stanford.edu, and those are not going through the tunnel.

The solution is, just surf along and let the browser change the URL to ccrma.stanford.edu if it wants to. This is outside the tunnel, but that's fine for now. When you go to the area that is restricted, you will get an ACCESS DENIED page. Just go up to the location and change ccrma.stanford.edu to localhost:8888, leaving everything else the same, and the page will appear! This has made the same connection, but now it's inside the tunnel. You may have to do this a few times during the session.