Nuffnang

Monday, November 9, 2015

SSH Tunneling

You can create SSH Tunnels using different kinds of forwarding like
a) Local Port Forwarding, 
b) Remote Port Forwarding,
c) Dynamic Port Forwarding
c) X Forwarding

For a full command syntax check the online man pages for ssh  here  




Local Port Forward

-L [bind_address:]port:host:hostport

          Specifies that the given port on the local (client) host is to be forwarded to the given 
             host and port on the remote side.  This works by allocating a socket to listen to port 
             on the local side, optionally bound to the specified bind_address.  Whenever a
             connection is made to this port, the connection is forwarded over the secure channel, 
             and a connection is made to host port  hostport from the remote machine. The 
             bind_address of ``localhost'' indicates that the listening port be bound for local use 
             only, while an empty address or `*' indicates that the port should be available from all interfaces.

Suppose that I want to access a remote host ( 192.168.2.1:80) that is behind an ssh server (myremotemachine). On local machine , set up a port forward from port 8080 to 192.168.2.1:80.
 $ ssh myremotemachine -L 8080:192.168.2.1:80  

Open another console session , on local machine, and check that the service is available on the loopback interface only , listening on tcp/8080.
 $ netstat -tunelp | grep 8080  
 tcp    0   0 127.0.0.1:8080     0.0.0.0:*    LISTEN   1000   74471   4269/ssh    

Then on local browser goto http://localhost:8080/  to access the webpage

On another example, you need to telnet on network device that is accessible only from inside the network.
 $ ssh myremotemachine -L 2323:192.168.0.1:23  

On local machine confirm that service is run on the loopback interface only , listening on tcp/2323.
 $ netstat -nlp | grep 2323  
 tcp    0   0 127.0.0.1:2323     0.0.0.0:*        LISTEN   4406/ssh      


Then open another console session and telnet to the loopback interface .
 $ telnet localhost 2323  
 Trying 127.0.0.1...  
 Connected to localhost.  
 Escape character is '^]'.  
 **WELCOME TO PIX501**  

Add -g to allow others on same home subnet to connect to remote machine.
 $ ssh myremotemachine -L 2323:192.168.0.1:23 -g  

Service appears on all interfaces of local host
 $ netstat -nlp | grep 2323  
 tcp    0   0 0.0.0.0:2323      0.0.0.0:*        LISTEN   4490/ssh    

Other machines on same subnet should use:
 $ telnet <address-of-localhost> 2323  



Remote Port Forwarding

-R [bind_address:]port:host:hostport
             Specifies that the given port on the remote (server) host is to be forwarded to the given 
             host and port on the local side.  This  works by allocating a socket to listen to port on the 
             remote side, and whenever a connection is made to this port, the  connection is forwarded 
             over the secure channel, and a connection  is made to host port hostport from the local machine.


              By default, the listening socket on the server will be bound to  the loopback interface only.  
              This may be overridden by specifying a bind_address.  An empty bind_address, or the address
             '*', indicates that the remote socket should listen on all interfaces.  Specifying a remote 
             bind_address will only succeed  if the server's GatewayPorts option is enabled 

Initiates a ssh connection with reverse port forward which will open listening port, to be forwarded back to destination' s port on destination host.

For example you need to access your PC at work but the firewall does not allow a connection initiated from outside. So you bypass company firewall by 
using an allowed port and create an incoming tunnel from computer at work to your computer at home. And then browse/use the port from home.

 office$ ssh -R 2222:localhost:22 homeserver   

Confirm that service is running on the loopback interface
 homeserver$ netstat -nlp | grep 2222  
 tcp    0   0 127.0.0.1:2222     0.0.0.0:*        LISTEN   -       

We are initiating ssh connection with reverse port forwarding (-R) which will open listening port 2222 to be forwarded back to localhost's port 22 and all this will happen on homeserver. If you now open up a terminal on homeserver and type in:
homeserver $ ssh localhost -p 2222  

we will try to connect to localhost (homeserver) on port 2222. Since that port is setuped by remote ssh connection it will tunnel the request back via that link to the office computer.


Dynamic Port Forwarding (SSH SOCKS proxy )

If you are using a connection that is not secure, then create an ssh tunnel to the ssh server and use it as a proxy.

 $ ssh -D 8080 remotemachine  

Then setup browser  SOCKS proxy at localhost:8080



X Forwarding

To run a GUI application installed on a remote machine  but display it locally
$ ssh -X -p 10022 192.168.2.10  

Then I run application PUTTY , installed only on the remote machine
$ putty  

No comments:

Post a Comment