SlideShare a Scribd company logo

SSH Tunneling Recipes

Rafael Luque Leiva
Rafael Luque Leiva
Technology
1 of 56
SSH Tunneling Recipes Developer Toolbox Series Rafael Luque, OSOCO
Contents 1 SSH tunneling & common uses 2 Local port forwarding 3 Remote port forwarding 4 Dynamic port forwarding 5 X forwarding 6 Some useful tools
Protocol tunneling One network protocol —the delivery protocol— encapsulates a different payload protocol. — Wikipedia
SSH tunneling A secure shell (SSH) tunnel consists of an encrypted tunnel created through a SSH protocol connection. — Wikipedia
Common uses To securely connect to a remote host and have your network traffic encrypted
Common uses To securely connect to a remote host and have your network traffic encrypted • You are on a public, non secure, non trusted or unencrypted network. • You use an insecure protocol like POP3, IMAP, SMTP, FTP, telnet, etc.
Common uses To bypass local network restrictions and monitoring services
Common uses Internet censorship circumvention
Map of cyber-censorship
Common uses Open backdoors to allow outbound connections to hosts behind a firewall
Common uses X11 forwarding
Common uses Access services bound to the loopback interface
Contents 1 SSH tunneling & common uses 2 Local port forwarding 3 Remote port forwarding 4 Dynamic port forwarding 5 X forwarding 6 Some useful tools
Local port forwarding Local port forwarding (aka outgoing tunneling) forwards traffic coming to a local port to a specified remote port
Local port forwarding Recipe #1: Access a remote service behind a firewall ssh -fN -L <localport>:localhost:<remoteport> user@external The service is available on the loopback interface only.
Local port forwarding Recipe #1: Access a remote service behind a firewall ssh -fN -L <localport>:localhost:<remoteport> user@external The service is available on the loopback interface only.
Local port forwarding Recipe #1: Access a remote service behind a firewall ssh -fN -L <localport>:localhost:<remoteport> user@external The service is available on the loopback interface only.
Local port forwarding Recipe #2: Access a remote service from any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:localhost:<remoteport> user@external or ssh -fN -g -L <localport>:localhost:<remoteport> user@external
Local port forwarding Recipe #2: Access a remote service from any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:localhost:<remoteport> user@external or ssh -fN -g -L <localport>:localhost:<remoteport> user@external
Local port forwarding Recipe #3: Access a remote service visible from the ssh server ssh -fN -L <localport>:external2:<remoteport> user@external The service is available on the loopback interface only.
Local port forwarding Recipe #3: Access a remote service visible from the ssh server ssh -fN -L <localport>:external2:<remoteport> user@external The service is available on the loopback interface only.
Local port forwarding Recipe #3: Access a remote service visible from the ssh server ssh -fN -L <localport>:external2:<remoteport> user@external The service is available on the loopback interface only.
Local port forwarding Recipe #4: Access a remote service visible from the ssh server for any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:external2:<remoteport> user@external or ssh -fN -g -L <localport>:external2:<remoteport> user@external
Local port forwarding Recipe #4: Access a remote service visible from the ssh server for any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:external2:<remoteport> user@external or ssh -fN -g -L <localport>:external2:<remoteport> user@external
Contents 1 SSH tunneling & common uses 2 Local port forwarding 3 Remote port forwarding 4 Dynamic port forwarding 5 X forwarding 6 Some useful tools
Remote port forwarding Remote port forwarding (aka incoming tunneling) forwards traffic coming to a remote port to a specified local port
Remote port forwarding Recipe #5: Access a service behind a firewall from the ssh server ssh -fN -R <remoteport>:localhost:<localport> user@external The service is available on the loopback interface only.
Remote port forwarding Recipe #5: Access a service behind a firewall from the ssh server ssh -fN -R <remoteport>:localhost:<localport> user@external The service is available on the loopback interface only.
Remote port forwarding Recipe #5: Access a service behind a firewall from the ssh server ssh -fN -R <remoteport>:localhost:<localport> user@external The service is available on the loopback interface only.
Remote port forwarding Recipe #6: Access a service behind a firewall from any external host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:localhost:<localport> user@external Edit /etc/ssh/sshd_config at ssh server to allow the client to select the address to which the forwarding is bound: GatewayPorts clientspecified
Remote port forwarding Recipe #6: Access a service behind a firewall from any external host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:localhost:<localport> user@external Edit /etc/ssh/sshd_config at ssh server to allow the client to select the address to which the forwarding is bound: GatewayPorts clientspecified
Remote port forwarding Recipe #7: Access a service in a host accesible by the ssh client from the ssh server ssh -fN -R <remoteport>:internal2:<localport> user@external The service is available on the loopback interface only.
Remote port forwarding Recipe #7: Access a service in a host accesible by the ssh client from the ssh server ssh -fN -R <remoteport>:internal2:<localport> user@external The service is available on the loopback interface only.
Remote port forwarding Recipe #7: Access a service in a host accesible by the ssh client from the ssh server ssh -fN -R <remoteport>:internal2:<localport> user@external The service is available on the loopback interface only.
Remote port forwarding Recipe #8: Access a service in a host accesible by the ssh client from any host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:internal2:<localport> user@external Edit /etc/ssh/sshd_config at server to allow the client to select the address to which the forwarding is bound: GatewayPorts clientspecified
Remote port forwarding Recipe #8: Access a service in a host accesible by the ssh client from any host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:internal2:<localport> user@external Edit /etc/ssh/sshd_config at server to allow the client to select the address to which the forwarding is bound: GatewayPorts clientspecified
Contents 1 SSH tunneling & common uses 2 Local port forwarding 3 Remote port forwarding 4 Dynamic port forwarding 5 X forwarding 6 Some useful tools
SOCKS SOCKS is an Internet protocol that routes network packets between a client and server through a proxy server — Wikipedia
SSH dynamic port forwarding • SSH dynamic port forwarding allows the user to create a local SOCKS proxy. • Free the user from the limitations of connecting only to a predefined remote port and server. • Circumvention tool allowing to bypass Internet filtering to access content otherwise blocked by governments, workplaces and schools.
Dynamic port forwarding with SOCKS Recipe #9: Setup a SOCKS proxy ssh -fN -D <proxyport> user@sshserver To allow any internal host to use the proxy: ssh -fN -D 0.0.0.0:<proxyport> user@sshserver
Dynamic port forwarding with SOCKS Recipe #9: Setup a SOCKS proxy ssh -fN -D <proxyport> user@sshserver To allow any internal host to use the proxy: ssh -fN -D 0.0.0.0:<proxyport> user@sshserver
Contents 1 SSH tunneling & common uses 2 Local port forwarding 3 Remote port forwarding 4 Dynamic port forwarding 5 X forwarding 6 Some useful tools
X forwarding • Using X, you can run remote X applications that open their windows on your local display. • The X protocol is insecure and wide open to snoopers. • SSH X forwarding makes the communication secure by tunneling the X protocol: ssh -X user@server xclock
Contents 1 SSH tunneling & common uses 2 Local port forwarding 3 Remote port forwarding 4 Dynamic port forwarding 5 X forwarding 6 Some useful tools
autossh autossh is a program to start a copy of ssh and monitor it, restarting it as necessary should it die or stop passing traffic. autossh -M <port>[:echo_port] [-f] [SSH OPTIONS]
sslh sslh makes it possible to connect to an SSH server or an OpenVPN on port 443 while still serving HTTPS on that port.
Port knocking port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). — Wikipedia
Port knocking (A) client cannot connect to application listening on port n (B) client cannot establish connection to any port
Port knocking (1,2,3,4) client connects to a well-defined set of ports in a sequence that contains an encrypted message by sending SYN packets; client has a priori knowledge of the port knocking daemon and its configuration, but receives no acknowledgement during this phase because firewall rules preclude any response
Port knocking (A) server process (a port knocking daemon) intercepts connection attempts and interprets (decrypts and decodes) them as comprising an authentic "port knock"; server carries out specific task based on content of port knock, such as opening port n to client
Port knocking (A) client connects to port n and authenticates using applications regular mechanism
knockd knockd is a port-knock server. It listens to all traffic on an ethernet interface, looking for special "knock" sequences of port-hits.
References • SSH: The Secure Shell: http://docstore.mik.ua/orelly/networking_2ndEd/ssh/index.htm • autossh: http://www.harding.motd.ca/autossh/ • sslh: http://www.rutschle.net/tech/sslh.shtml • Port knocking: http://www.portknocking.org/ • knockd: http://www.zeroflux.org/projects/knock
Picture credits • Cover photo by twicepix: http://www.flickr.com/photos/twicepix/2825051329/ • The map of the cyber-censorship by Reporters Without Borders: http://march12.rsf.org/en/
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.
SSH Tunneling Recipes Developer Toolbox Series OSOCO Rafael Luque

Recommended

SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling Recipes
OSOCO
 
Ssh tunnel
Ssh tunnelSsh tunnel
Ssh tunnel
Amandeep Singh
 
Ssh
SshSsh
Ssh
gh02
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
JP Bourget
 
Nessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq HanayshaNessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq Hanaysha
Hanaysha
 
TELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAITELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAI
MUSTAFA SAKHAI
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSH
nussbauml
 
September Ethereum Berlin Workshop
September Ethereum Berlin WorkshopSeptember Ethereum Berlin Workshop
September Ethereum Berlin Workshop
aeronbuchanan
 

Recommended

SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling Recipes
OSOCO
 
Ssh tunnel
Ssh tunnelSsh tunnel
Ssh tunnel
Amandeep Singh
 
Ssh
SshSsh
Ssh
gh02
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
JP Bourget
 
Nessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq HanayshaNessus scan report using the defualt scan policy - Tareq Hanaysha
Nessus scan report using the defualt scan policy - Tareq Hanaysha
Hanaysha
 
TELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAITELNET and SSH by MUSTAFA SAKHAI
TELNET and SSH by MUSTAFA SAKHAI
MUSTAFA SAKHAI
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSH
nussbauml
 
September Ethereum Berlin Workshop
September Ethereum Berlin WorkshopSeptember Ethereum Berlin Workshop
September Ethereum Berlin Workshop
aeronbuchanan
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)
Pina Parmar
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure Shell
Peter R. Egli
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocol
Baspally Sai Anirudh
 
openssh portforwarding and linux firewall
openssh portforwarding and linux firewallopenssh portforwarding and linux firewall
openssh portforwarding and linux firewall
Khubaib Mahar
 
Meeting 5.2 : ssh
Meeting 5.2 : sshMeeting 5.2 : ssh
Meeting 5.2 : ssh
Syaiful Ahdan
 
Network telnet ssh
Network telnet sshNetwork telnet ssh
Network telnet ssh
Stefan Fodor
 
14 network tools
14 network tools14 network tools
14 network tools
Shay Cohen
 
Telnet & SSH Configuration
Telnet & SSH ConfigurationTelnet & SSH Configuration
Telnet & SSH Configuration
Vinod Gour
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanning
leminhvuong
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
Hemant Shah
 
Using Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should KnowUsing Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should Know
Novell
 
Secure shell
Secure shellSecure shell
Secure shell
Arjun Aj
 
Secure SHell
Secure SHellSecure SHell
Secure SHell
Çağrı Çakır
 
Ssh And Rlogin
Ssh And RloginSsh And Rlogin
Ssh And Rlogin
Sourav Roy
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell ppt
sravya raju
 
Bh usa-01-kaminsky
Bh usa-01-kaminskyBh usa-01-kaminsky
Bh usa-01-kaminsky
Dan Kaminsky
 
Port forwarding
Port forwardingPort forwarding
Port forwarding
Ronak Mehta
 
Port forward
Port forwardPort forward
Port forward
lyndyv
 
SSH Tunnel-Fu [NoVaH 2011]
SSH Tunnel-Fu [NoVaH 2011]SSH Tunnel-Fu [NoVaH 2011]
SSH Tunnel-Fu [NoVaH 2011]
Vincent Batts
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
Lakshan Perera
 
Sive Formazione - corsi formazione 2012
Sive Formazione - corsi formazione 2012 Sive Formazione - corsi formazione 2012
Sive Formazione - corsi formazione 2012
Sive Formazione
 
Understanding Java Dynamic Proxies
Understanding Java Dynamic ProxiesUnderstanding Java Dynamic Proxies
Understanding Java Dynamic Proxies
Rafael Luque Leiva
 

More Related Content

What's hot

Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanning
leminhvuong
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
Hemant Shah
 
Ssh And Rlogin
Ssh And RloginSsh And Rlogin
Ssh And Rlogin
Sourav Roy
 
Bh usa-01-kaminsky
Bh usa-01-kaminskyBh usa-01-kaminsky
Bh usa-01-kaminsky
Dan Kaminsky
 
Port forward
Port forwardPort forward
Port forward
lyndyv
 

What's hot (20)

Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure Shell
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocol
 
openssh portforwarding and linux firewall
openssh portforwarding and linux firewallopenssh portforwarding and linux firewall
openssh portforwarding and linux firewall
 
Meeting 5.2 : ssh
Meeting 5.2 : sshMeeting 5.2 : ssh
Meeting 5.2 : ssh
 
Network telnet ssh
Network telnet sshNetwork telnet ssh
Network telnet ssh
 
14 network tools
14 network tools14 network tools
14 network tools
 
Telnet & SSH Configuration
Telnet & SSH ConfigurationTelnet & SSH Configuration
Telnet & SSH Configuration
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanning
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
 
Using Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should KnowUsing Secure Shell on Linux: What Everyone Should Know
Using Secure Shell on Linux: What Everyone Should Know
 
Secure shell
Secure shellSecure shell
Secure shell
 
Secure SHell
Secure SHellSecure SHell
Secure SHell
 
Ssh And Rlogin
Ssh And RloginSsh And Rlogin
Ssh And Rlogin
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell ppt
 
Bh usa-01-kaminsky
Bh usa-01-kaminskyBh usa-01-kaminsky
Bh usa-01-kaminsky
 
Port forwarding
Port forwardingPort forwarding
Port forwarding
 
Port forward
Port forwardPort forward
Port forward
 
SSH Tunnel-Fu [NoVaH 2011]
SSH Tunnel-Fu [NoVaH 2011]SSH Tunnel-Fu [NoVaH 2011]
SSH Tunnel-Fu [NoVaH 2011]
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
 

Viewers also liked

Brunello imprese a caccia d'innovazione
Brunello imprese a caccia d'innovazioneBrunello imprese a caccia d'innovazione
Brunello imprese a caccia d'innovazione
Sive Formazione
 
Catalogo alta formazione
Catalogo alta formazioneCatalogo alta formazione
Catalogo alta formazione
Sive Formazione
 
Cognitivism team6
Cognitivism team6Cognitivism team6
Cognitivism team6
teamsix
 
Catalogo Corsi Sive Formazione 2013
Catalogo Corsi Sive Formazione 2013Catalogo Corsi Sive Formazione 2013
Catalogo Corsi Sive Formazione 2013
Sive Formazione
 

Viewers also liked (17)

Sive Formazione - corsi formazione 2012
Sive Formazione - corsi formazione 2012 Sive Formazione - corsi formazione 2012
Sive Formazione - corsi formazione 2012
 
Understanding Java Dynamic Proxies
Understanding Java Dynamic ProxiesUnderstanding Java Dynamic Proxies
Understanding Java Dynamic Proxies
 
Brunello imprese a caccia d'innovazione
Brunello imprese a caccia d'innovazioneBrunello imprese a caccia d'innovazione
Brunello imprese a caccia d'innovazione
 
Il successo nella trattativa per gli acquisti: con il Neuromarketing
Il successo nella trattativa per gli acquisti: con il Neuromarketing Il successo nella trattativa per gli acquisti: con il Neuromarketing
Il successo nella trattativa per gli acquisti: con il Neuromarketing
 
Catalogo alta formazione
Catalogo alta formazioneCatalogo alta formazione
Catalogo alta formazione
 
Catalogo corsi Sive Formazione 2012
Catalogo corsi Sive Formazione 2012Catalogo corsi Sive Formazione 2012
Catalogo corsi Sive Formazione 2012
 
XSS Countermeasures in Grails
XSS Countermeasures in GrailsXSS Countermeasures in Grails
XSS Countermeasures in Grails
 
Corso Rspp - Responsabili del servizio prevenzione e protezione
Corso Rspp - Responsabili del servizio prevenzione e protezione Corso Rspp - Responsabili del servizio prevenzione e protezione
Corso Rspp - Responsabili del servizio prevenzione e protezione
 
Corso Lean Office
Corso Lean Office Corso Lean Office
Corso Lean Office
 
Cognitivism team6
Cognitivism team6Cognitivism team6
Cognitivism team6
 
Corsi Sive Formazione 2011: corsi di formazione a Venezia
Corsi Sive Formazione 2011: corsi di formazione a VeneziaCorsi Sive Formazione 2011: corsi di formazione a Venezia
Corsi Sive Formazione 2011: corsi di formazione a Venezia
 
Pesttt testing
Pesttt testingPesttt testing
Pesttt testing
 
LUMINARY magazine Dec15
LUMINARY magazine Dec15LUMINARY magazine Dec15
LUMINARY magazine Dec15
 
Grails vs XSS: Defending Grails against XSS attacks
Grails vs XSS: Defending Grails against XSS attacksGrails vs XSS: Defending Grails against XSS attacks
Grails vs XSS: Defending Grails against XSS attacks
 
Catalogo Corsi Sive Formazione 2013
Catalogo Corsi Sive Formazione 2013Catalogo Corsi Sive Formazione 2013
Catalogo Corsi Sive Formazione 2013
 
Trattativa acquisti
Trattativa acquistiTrattativa acquisti
Trattativa acquisti
 
Cara membuat telepon kaleng
Cara membuat telepon kalengCara membuat telepon kaleng
Cara membuat telepon kaleng
 

Similar to SSH Tunneling Recipes

Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network client
root_fibo
 
Introducing bastion hosts for oracle cloud infrastructure v1.0
Introducing bastion hosts for oracle cloud infrastructure v1.0Introducing bastion hosts for oracle cloud infrastructure v1.0
Introducing bastion hosts for oracle cloud infrastructure v1.0
maaz khan
 

Similar to SSH Tunneling Recipes (20)

Up and Running SSH Service - Part 2
Up and Running SSH Service - Part 2Up and Running SSH Service - Part 2
Up and Running SSH Service - Part 2
 
Advanced open ssh
Advanced open sshAdvanced open ssh
Advanced open ssh
 
SSH Tunneling
SSH TunnelingSSH Tunneling
SSH Tunneling
 
tutorial-ssh.pdf
tutorial-ssh.pdftutorial-ssh.pdf
tutorial-ssh.pdf
 
Building Security Acсess to Remote Devices
Building Security Acсess to Remote DevicesBuilding Security Acсess to Remote Devices
Building Security Acсess to Remote Devices
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network client
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
 
Remote1
Remote1Remote1
Remote1
 
Ssh cookbook v2
Ssh cookbook v2Ssh cookbook v2
Ssh cookbook v2
 
Ssh cookbook
Ssh cookbookSsh cookbook
Ssh cookbook
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0
 
FreeBSD, ipfw and OpenVPN 2.1 server
FreeBSD, ipfw and OpenVPN 2.1 serverFreeBSD, ipfw and OpenVPN 2.1 server
FreeBSD, ipfw and OpenVPN 2.1 server
 
Windowshadoop
WindowshadoopWindowshadoop
Windowshadoop
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safe
 
OpenShift v3 Internal networking details
OpenShift v3 Internal networking detailsOpenShift v3 Internal networking details
OpenShift v3 Internal networking details
 
HAProxy scale out using open source
HAProxy scale out using open sourceHAProxy scale out using open source
HAProxy scale out using open source
 
OpenSSH tricks
OpenSSH tricksOpenSSH tricks
OpenSSH tricks
 
How to install Setup & Configure SSH Jump Server on a Linux box
How to install Setup & Configure SSH Jump Server on a Linux boxHow to install Setup & Configure SSH Jump Server on a Linux box
How to install Setup & Configure SSH Jump Server on a Linux box
 
Introducing bastion hosts for oracle cloud infrastructure v1.0
Introducing bastion hosts for oracle cloud infrastructure v1.0Introducing bastion hosts for oracle cloud infrastructure v1.0
Introducing bastion hosts for oracle cloud infrastructure v1.0
 
Server hardening
Server hardeningServer hardening
Server hardening
 

Recently uploaded

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 

SSH Tunneling Recipes

  • 1. SSH Tunneling Recipes Developer Toolbox Series Rafael Luque, OSOCO
  • 2. Contents 1 SSH tunneling & common uses 2 Local port forwarding 3 Remote port forwarding 4 Dynamic port forwarding 5 X forwarding 6 Some useful tools
  • 3. Protocol tunneling One network protocol —the delivery protocol— encapsulates a different payload protocol. — Wikipedia
  • 4. SSH tunneling A secure shell (SSH) tunnel consists of an encrypted tunnel created through a SSH protocol connection. — Wikipedia
  • 5. Common uses To securely connect to a remote host and have your network traffic encrypted
  • 6. Common uses To securely connect to a remote host and have your network traffic encrypted • You are on a public, non secure, non trusted or unencrypted network. • You use an insecure protocol like POP3, IMAP, SMTP, FTP, telnet, etc.
  • 7. Common uses To bypass local network restrictions and monitoring services
  • 8. Common uses Internet censorship circumvention
  • 10. Common uses Open backdoors to allow outbound connections to hosts behind a firewall
  • 11. Common uses X11 forwarding
  • 12. Common uses Access services bound to the loopback interface
  • 13. Contents 1 SSH tunneling & common uses 2 Local port forwarding 3 Remote port forwarding 4 Dynamic port forwarding 5 X forwarding 6 Some useful tools
  • 14. Local port forwarding Local port forwarding (aka outgoing tunneling) forwards traffic coming to a local port to a specified remote port
  • 15. Local port forwarding Recipe #1: Access a remote service behind a firewall ssh -fN -L <localport>:localhost:<remoteport> user@external The service is available on the loopback interface only.
  • 16. Local port forwarding Recipe #1: Access a remote service behind a firewall ssh -fN -L <localport>:localhost:<remoteport> user@external The service is available on the loopback interface only.
  • 17. Local port forwarding Recipe #1: Access a remote service behind a firewall ssh -fN -L <localport>:localhost:<remoteport> user@external The service is available on the loopback interface only.
  • 18. Local port forwarding Recipe #2: Access a remote service from any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:localhost:<remoteport> user@external or ssh -fN -g -L <localport>:localhost:<remoteport> user@external
  • 19. Local port forwarding Recipe #2: Access a remote service from any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:localhost:<remoteport> user@external or ssh -fN -g -L <localport>:localhost:<remoteport> user@external
  • 20. Local port forwarding Recipe #3: Access a remote service visible from the ssh server ssh -fN -L <localport>:external2:<remoteport> user@external The service is available on the loopback interface only.
  • 21. Local port forwarding Recipe #3: Access a remote service visible from the ssh server ssh -fN -L <localport>:external2:<remoteport> user@external The service is available on the loopback interface only.
  • 22. Local port forwarding Recipe #3: Access a remote service visible from the ssh server ssh -fN -L <localport>:external2:<remoteport> user@external The service is available on the loopback interface only.
  • 23. Local port forwarding Recipe #4: Access a remote service visible from the ssh server for any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:external2:<remoteport> user@external or ssh -fN -g -L <localport>:external2:<remoteport> user@external
  • 24. Local port forwarding Recipe #4: Access a remote service visible from the ssh server for any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:external2:<remoteport> user@external or ssh -fN -g -L <localport>:external2:<remoteport> user@external
  • 25. Contents 1 SSH tunneling & common uses 2 Local port forwarding 3 Remote port forwarding 4 Dynamic port forwarding 5 X forwarding 6 Some useful tools
  • 26. Remote port forwarding Remote port forwarding (aka incoming tunneling) forwards traffic coming to a remote port to a specified local port
  • 27. Remote port forwarding Recipe #5: Access a service behind a firewall from the ssh server ssh -fN -R <remoteport>:localhost:<localport> user@external The service is available on the loopback interface only.
  • 28. Remote port forwarding Recipe #5: Access a service behind a firewall from the ssh server ssh -fN -R <remoteport>:localhost:<localport> user@external The service is available on the loopback interface only.
  • 29. Remote port forwarding Recipe #5: Access a service behind a firewall from the ssh server ssh -fN -R <remoteport>:localhost:<localport> user@external The service is available on the loopback interface only.
  • 30. Remote port forwarding Recipe #6: Access a service behind a firewall from any external host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:localhost:<localport> user@external Edit /etc/ssh/sshd_config at ssh server to allow the client to select the address to which the forwarding is bound: GatewayPorts clientspecified
  • 31. Remote port forwarding Recipe #6: Access a service behind a firewall from any external host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:localhost:<localport> user@external Edit /etc/ssh/sshd_config at ssh server to allow the client to select the address to which the forwarding is bound: GatewayPorts clientspecified
  • 32. Remote port forwarding Recipe #7: Access a service in a host accesible by the ssh client from the ssh server ssh -fN -R <remoteport>:internal2:<localport> user@external The service is available on the loopback interface only.
  • 33. Remote port forwarding Recipe #7: Access a service in a host accesible by the ssh client from the ssh server ssh -fN -R <remoteport>:internal2:<localport> user@external The service is available on the loopback interface only.
  • 34. Remote port forwarding Recipe #7: Access a service in a host accesible by the ssh client from the ssh server ssh -fN -R <remoteport>:internal2:<localport> user@external The service is available on the loopback interface only.
  • 35. Remote port forwarding Recipe #8: Access a service in a host accesible by the ssh client from any host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:internal2:<localport> user@external Edit /etc/ssh/sshd_config at server to allow the client to select the address to which the forwarding is bound: GatewayPorts clientspecified
  • 36. Remote port forwarding Recipe #8: Access a service in a host accesible by the ssh client from any host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:internal2:<localport> user@external Edit /etc/ssh/sshd_config at server to allow the client to select the address to which the forwarding is bound: GatewayPorts clientspecified
  • 37. Contents 1 SSH tunneling & common uses 2 Local port forwarding 3 Remote port forwarding 4 Dynamic port forwarding 5 X forwarding 6 Some useful tools
  • 38. SOCKS SOCKS is an Internet protocol that routes network packets between a client and server through a proxy server — Wikipedia
  • 39. SSH dynamic port forwarding • SSH dynamic port forwarding allows the user to create a local SOCKS proxy. • Free the user from the limitations of connecting only to a predefined remote port and server. • Circumvention tool allowing to bypass Internet filtering to access content otherwise blocked by governments, workplaces and schools.
  • 40. Dynamic port forwarding with SOCKS Recipe #9: Setup a SOCKS proxy ssh -fN -D <proxyport> user@sshserver To allow any internal host to use the proxy: ssh -fN -D 0.0.0.0:<proxyport> user@sshserver
  • 41. Dynamic port forwarding with SOCKS Recipe #9: Setup a SOCKS proxy ssh -fN -D <proxyport> user@sshserver To allow any internal host to use the proxy: ssh -fN -D 0.0.0.0:<proxyport> user@sshserver
  • 42. Contents 1 SSH tunneling & common uses 2 Local port forwarding 3 Remote port forwarding 4 Dynamic port forwarding 5 X forwarding 6 Some useful tools
  • 43. X forwarding • Using X, you can run remote X applications that open their windows on your local display. • The X protocol is insecure and wide open to snoopers. • SSH X forwarding makes the communication secure by tunneling the X protocol: ssh -X user@server xclock
  • 44. Contents 1 SSH tunneling & common uses 2 Local port forwarding 3 Remote port forwarding 4 Dynamic port forwarding 5 X forwarding 6 Some useful tools
  • 45. autossh autossh is a program to start a copy of ssh and monitor it, restarting it as necessary should it die or stop passing traffic. autossh -M <port>[:echo_port] [-f] [SSH OPTIONS]
  • 46. sslh sslh makes it possible to connect to an SSH server or an OpenVPN on port 443 while still serving HTTPS on that port.
  • 47. Port knocking port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). — Wikipedia
  • 48. Port knocking (A) client cannot connect to application listening on port n (B) client cannot establish connection to any port
  • 49. Port knocking (1,2,3,4) client connects to a well-defined set of ports in a sequence that contains an encrypted message by sending SYN packets; client has a priori knowledge of the port knocking daemon and its configuration, but receives no acknowledgement during this phase because firewall rules preclude any response
  • 50. Port knocking (A) server process (a port knocking daemon) intercepts connection attempts and interprets (decrypts and decodes) them as comprising an authentic "port knock"; server carries out specific task based on content of port knock, such as opening port n to client
  • 51. Port knocking (A) client connects to port n and authenticates using applications regular mechanism
  • 52. knockd knockd is a port-knock server. It listens to all traffic on an ethernet interface, looking for special "knock" sequences of port-hits.
  • 53. References • SSH: The Secure Shell: http://docstore.mik.ua/orelly/networking_2ndEd/ssh/index.htm • autossh: http://www.harding.motd.ca/autossh/ • sslh: http://www.rutschle.net/tech/sslh.shtml • Port knocking: http://www.portknocking.org/ • knockd: http://www.zeroflux.org/projects/knock
  • 54. Picture credits • Cover photo by twicepix: http://www.flickr.com/photos/twicepix/2825051329/ • The map of the cyber-censorship by Reporters Without Borders: http://march12.rsf.org/en/
  • 55. This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.
  • 56. SSH Tunneling Recipes Developer Toolbox Series OSOCO Rafael Luque