I’ve been traveling a bit, but still want to do development in a nice tidy way.   At home I had a Perforce server running on a big local machine, and I could connect to it on port 1666 from my PC, my laptop and my Mac.  But out of town I’ll only have my laptop and a Mac mini.  I did not think my PC would keep running for long enough, so I decided to set up a Perforce server on my GoDaddy Linux host (I have a virtual private server with root access).  Of course, then security is a concern.

Assume a Perforce server running on a remote Linux machine, with clients running on both Windows Vista and Mac OS X 10.5.3. How do we make the connection fully secure using SSH?

When you initially set up a Perforce server on a Linux box, by default it’s open to the world, listening for incoming connections on port 1666. To provide initial security, I simply blocked port 1666 at the firewall level (actually all ports are blocked by default, so it’s more accurate to say I did not open the port).

Next, we want to set up SSH tunneling. This involves a different procedure for each machine. The concept is fairly simple, but initially seems confusing.   The main point I failed to grasp was: you don’t need to do anything on the Linux machine! If it’s already accepting your SSH connection (which presumably is how you are starting Perforce), then it’s already set up to do port forwarding.

On the Mac, we have the software built in, and we just open a terminal window, and type:

ssh -l cowboy -L 6933:cowboyprogramming.com:1666 cowboyprogramming.com -p6789

then enter the password.  You then keep that terminal window running (I just minimize it).

There are three numbers here which are important:

6933 – the port that you want your client to think the server is using for P4
1666 – the port that the server actually is using for P4
6789 – the port you use for SSH. This is 22 by default; I’ve chosen a random port for obscurity (this is not the port I use)

On the Vista or XP PC/Laptop, we use PuTTY, and I just modified the original SSH connection (already set with the correct port, etc).

  • Connection/SSH/Tunnels
  • Source port: 6933
  • Destination: cowboyprogramming.com:1666

Now to connect to the server at cowboyprogramming, we use the p4 port of 127.0.0.1:6933, the local end of the forward set up above. SSH will automagically tunnel this over the SSH connection, and it will come out the other end at port 1666.

That’s really all there is to it.
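To confirm the setup behaves as described, the following added example (not part of the original post) can be run on a client while the SSH session is open. It checks that port 1666 does not answer directly, that the local end of the forward on 6933 is up, and that the forward is not also reachable on the machine's network address. The function names, the timeout and the use of the documentation address 192.0.2.1 to find the local interface are assumptions of this example.

```python
import socket

# Host and ports are the ones used in the post; TIMEOUT is an assumed value.
SERVER = "cowboyprogramming.com"
P4D_PORT = 1666      # where p4d listens on the server (not opened in the firewall)
TUNNEL_PORT = 6933   # local end of the ssh -L / PuTTY forward
TIMEOUT = 3.0


def can_connect(host, port, timeout=TIMEOUT):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def non_loopback_address():
    """Best-effort address of this machine's outbound interface, else None."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect(("192.0.2.1", 9))  # documentation address; UDP connect sends nothing
        return s.getsockname()[0]
    except OSError:
        return None
    finally:
        s.close()


def audit(server=SERVER, p4d_port=P4D_PORT, tunnel_port=TUNNEL_PORT):
    """Return a list of findings; an empty list means the setup matches the post."""
    findings = []
    if can_connect(server, p4d_port):
        findings.append(f"{server}:{p4d_port} answers directly: p4d is exposed past the firewall")
    if not can_connect("127.0.0.1", tunnel_port):
        findings.append(f"nothing listening on 127.0.0.1:{tunnel_port}: is the SSH session up?")
    lan = non_loopback_address()
    if lan and not lan.startswith("127.") and can_connect(lan, tunnel_port):
        findings.append(f"forward also answers on {lan}:{tunnel_port}: bind it to loopback only")
    return findings


if __name__ == "__main__":
    for line in audit() or ["ok: p4d is reachable only through the loopback end of the tunnel"]:
        print(line)
```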