Your SlideShare is downloading. ×
SSH Tunneling Recipes
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

SSH Tunneling Recipes

5,075
views

Published on

Published in: Technology

0 Comments
10 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
5,075
On Slideshare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
167
Comments
0
Likes
10
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. SSH Tunneling Recipes Developer Toolbox Series Rafael Luque, OSOCO
  • 2. Contents1 SSH tunneling & common uses2 Local port forwarding3 Remote port forwarding4 Dynamic port forwarding5 X forwarding6 Some useful tools
  • 3. Protocol tunnelingOne network protocol —the deliveryprotocol— encapsulates a differentpayload protocol. — Wikipedia
  • 4. SSH tunnelingA secure shell (SSH) tunnel consists ofan encrypted tunnel created through aSSH protocol connection. — Wikipedia
  • 5. Common uses To securely connect to a remote host and have your network traffic encrypted
  • 6. Common uses To securely connect to a remote host and have your network traffic encrypted • You are on a public, non secure, non trusted or unencrypted network. • You use an insecure protocol like POP3, IMAP, SMTP, FTP, telnet, etc.
  • 7. Common uses To bypass local network restrictions and monitoring services
  • 8. Common uses Internet censorship circumvention
  • 9. Map of cyber-censorship
  • 10. Common uses Open backdoors to allow outbound connections to hosts behind a firewall
  • 11. Common uses X11 forwarding
  • 12. Common uses Access services bound to the loopback interface
  • 13. Contents1 SSH tunneling & common uses2 Local port forwarding3 Remote port forwarding4 Dynamic port forwarding5 X forwarding6 Some useful tools
  • 14. Local port forwarding Local port forwarding (aka outgoingtunneling) forwards traffic coming to a local port to a specified remote port
  • 15. Local port forwarding Recipe #1: Access a remote service behind a firewall ssh -fN -L <localport>:localhost:<remoteport> user@externalThe service is available on the loopback interface only.
  • 16. Local port forwarding Recipe #1: Access a remote service behind a firewall ssh -fN -L <localport>:localhost:<remoteport> user@externalThe service is available on the loopback interface only.
  • 17. Local port forwarding Recipe #1: Access a remote service behind a firewall ssh -fN -L <localport>:localhost:<remoteport> user@externalThe service is available on the loopback interface only.
  • 18. Local port forwardingRecipe #2: Access a remote service from any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:localhost:<remoteport> user@externalor ssh -fN -g -L <localport>:localhost:<remoteport> user@external
  • 19. Local port forwardingRecipe #2: Access a remote service from any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:localhost:<remoteport> user@externalor ssh -fN -g -L <localport>:localhost:<remoteport> user@external
  • 20. Local port forwarding Recipe #3: Access a remote service visible from the ssh server ssh -fN -L <localport>:external2:<remoteport> user@externalThe service is available on the loopback interface only.
  • 21. Local port forwarding Recipe #3: Access a remote service visible from the ssh server ssh -fN -L <localport>:external2:<remoteport> user@externalThe service is available on the loopback interface only.
  • 22. Local port forwarding Recipe #3: Access a remote service visible from the ssh server ssh -fN -L <localport>:external2:<remoteport> user@externalThe service is available on the loopback interface only.
  • 23. Local port forwarding Recipe #4: Access a remote service visible from the ssh server for any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:external2:<remoteport> user@externalor ssh -fN -g -L <localport>:external2:<remoteport> user@external
  • 24. Local port forwarding Recipe #4: Access a remote service visible from the ssh server for any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:external2:<remoteport> user@externalor ssh -fN -g -L <localport>:external2:<remoteport> user@external
  • 25. Contents1 SSH tunneling & common uses2 Local port forwarding3 Remote port forwarding4 Dynamic port forwarding5 X forwarding6 Some useful tools
  • 26. Remote port forwardingRemote port forwarding (aka incomingtunneling) forwards traffic coming to a remote port to a specified local port
  • 27. Remote port forwarding Recipe #5: Access a service behind a firewall from the ssh server ssh -fN -R <remoteport>:localhost:<localport> user@externalThe service is available on the loopback interface only.
  • 28. Remote port forwarding Recipe #5: Access a service behind a firewall from the ssh server ssh -fN -R <remoteport>:localhost:<localport> user@externalThe service is available on the loopback interface only.
  • 29. Remote port forwarding Recipe #5: Access a service behind a firewall from the ssh server ssh -fN -R <remoteport>:localhost:<localport> user@externalThe service is available on the loopback interface only.
  • 30. Remote port forwarding Recipe #6: Access a service behind a firewall from any external host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:localhost:<localport> user@externalEdit /etc/ssh/sshd_config at ssh server to allow the client to select the address to whichthe forwarding is bound: GatewayPorts clientspecified
  • 31. Remote port forwarding Recipe #6: Access a service behind a firewall from any external host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:localhost:<localport> user@externalEdit /etc/ssh/sshd_config at ssh server to allow the client to select the address to whichthe forwarding is bound: GatewayPorts clientspecified
  • 32. Remote port forwarding Recipe #7: Access a service in a host accesible by the ssh client from the ssh server ssh -fN -R <remoteport>:internal2:<localport> user@externalThe service is available on the loopback interface only.
  • 33. Remote port forwarding Recipe #7: Access a service in a host accesible by the ssh client from the ssh server ssh -fN -R <remoteport>:internal2:<localport> user@externalThe service is available on the loopback interface only.
  • 34. Remote port forwarding Recipe #7: Access a service in a host accesible by the ssh client from the ssh server ssh -fN -R <remoteport>:internal2:<localport> user@externalThe service is available on the loopback interface only.
  • 35. Remote port forwarding Recipe #8: Access a service in a host accesible by the ssh client from any host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:internal2:<localport> user@externalEdit /etc/ssh/sshd_config at server to allow the client to select the address to which theforwarding is bound: GatewayPorts clientspecified
  • 36. Remote port forwarding Recipe #8: Access a service in a host accesible by the ssh client from any host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:internal2:<localport> user@externalEdit /etc/ssh/sshd_config at server to allow the client to select the address to which theforwarding is bound: GatewayPorts clientspecified
  • 37. Contents1 SSH tunneling & common uses2 Local port forwarding3 Remote port forwarding4 Dynamic port forwarding5 X forwarding6 Some useful tools
  • 38. SOCKSSOCKS is an Internet protocol thatroutes network packets between aclient and server through a proxyserver — Wikipedia
  • 39. SSH dynamic port forwarding • SSH dynamic port forwarding allows the user to create a local SOCKS proxy. • Free the user from the limitations of connecting only to a predefined remote port and server. • Circumvention tool allowing to bypass Internet filtering to access content otherwise blocked by governments, workplaces and schools.
  • 40. Dynamic port forwarding with SOCKS Recipe #9: Setup a SOCKS proxy ssh -fN -D <proxyport> user@sshserverTo allow any internal host to use the proxy: ssh -fN -D 0.0.0.0:<proxyport> user@sshserver
  • 41. Dynamic port forwarding with SOCKS Recipe #9: Setup a SOCKS proxy ssh -fN -D <proxyport> user@sshserverTo allow any internal host to use the proxy: ssh -fN -D 0.0.0.0:<proxyport> user@sshserver
  • 42. Contents1 SSH tunneling & common uses2 Local port forwarding3 Remote port forwarding4 Dynamic port forwarding5 X forwarding6 Some useful tools
  • 43. X forwarding • Using X, you can run remote X applications that open their windows on your local display. • The X protocol is insecure and wide open to snoopers. • SSH X forwarding makes the communication secure by tunneling the X protocol: ssh -X user@server xclock
  • 44. Contents1 SSH tunneling & common uses2 Local port forwarding3 Remote port forwarding4 Dynamic port forwarding5 X forwarding6 Some useful tools
  • 45. autosshautossh is a program to start a copy of ssh andmonitor it, restarting it as necessary should it die orstop passing traffic. autossh -M <port>[:echo_port] [-f] [SSH OPTIONS]
  • 46. sslhsslh makes it possible to connect to an SSH server oran OpenVPN on port 443 while still serving HTTPSon that port.
  • 47. Port knockingport knocking is a method of externally opening ports ona firewall by generating a connection attempt on a set ofprespecified closed ports. Once a correct sequence ofconnection attempts is received, the firewall rules aredynamically modified to allow the host which sent theconnection attempts to connect over specific port(s). — Wikipedia
  • 48. Port knocking (A) client cannot connect to application listening on port n (B) client cannot establish connection to any port
  • 49. Port knocking (1,2,3,4) client connects to a well-defined set of ports in a sequence that contains an encrypted message by sending SYN packets; client has a priori knowledge of the port knocking daemon and its configuration, but receives no acknowledgement during this phase because firewall rules preclude any response
  • 50. Port knocking (A) server process (a port knocking daemon) intercepts connection attempts and interprets (decrypts and decodes) them as comprising an authentic "port knock"; server carries out specific task based on content of port knock, such as opening port n to client
  • 51. Port knocking (A) client connects to port n and authenticates using applications regular mechanism
  • 52. knockdknockd is a port-knock server. It listens to all traffic onan ethernet interface, looking for special "knock"sequences of port-hits.
  • 53. References • SSH: The Secure Shell: http://docstore.mik.ua/orelly/networking_2ndEd/ssh/index.htm • autossh: http://www.harding.motd.ca/autossh/ • sslh: http://www.rutschle.net/tech/sslh.shtml • Port knocking: http://www.portknocking.org/ • knockd: http://www.zeroflux.org/projects/knock
  • 54. Picture credits • Cover photo by twicepix: http://www.flickr.com/photos/twicepix/2825051329/ • The map of the cyber-censorship by Reporters Without Borders: http://march12.rsf.org/en/
  • 55. This work is licensed under a Creative CommonsAttribution-NonCommercial-ShareAlike 3.0 Unported License.
  • 56. SSH Tunneling RecipesDeveloper Toolbox SeriesOSOCORafael Luque