SSH Tunneling Recipes      Developer Toolbox Series         Rafael Luque, OSOCO
Contents1   SSH tunneling & common uses2   Local port forwarding3   Remote port forwarding4   Dynamic port forwarding5   X...
Protocol tunnelingOne network protocol —the deliveryprotocol— encapsulates a differentpayload protocol.                   ...
SSH tunnelingA secure shell (SSH) tunnel consists ofan encrypted tunnel created through aSSH protocol connection.         ...
Common uses To securely connect to a remote host and    have your network traffic encrypted
Common uses To securely connect to a remote host and    have your network traffic encrypted • You are on a public, non secu...
Common uses To bypass local network restrictions and          monitoring services
Common uses    Internet censorship circumvention
Map of cyber-censorship
Common uses   Open backdoors to allow outbound  connections to hosts behind a firewall
Common uses          X11 forwarding
Common uses  Access services bound to the loopback                interface
Contents1   SSH tunneling & common uses2   Local port forwarding3   Remote port forwarding4   Dynamic port forwarding5   X...
Local port forwarding   Local port forwarding (aka outgoingtunneling) forwards traffic coming to a local      port to a spe...
Local port forwarding    Recipe #1: Access a remote service behind a firewall    ssh -fN -L <localport>:localhost:<remotepo...
Local port forwarding    Recipe #1: Access a remote service behind a firewall    ssh -fN -L <localport>:localhost:<remotepo...
Local port forwarding    Recipe #1: Access a remote service behind a firewall    ssh -fN -L <localport>:localhost:<remotepo...
Local port forwardingRecipe #2: Access a remote service from any host behind the                        firewall     ssh -f...
Local port forwardingRecipe #2: Access a remote service from any host behind the                        firewall     ssh -f...
Local port forwarding   Recipe #3: Access a remote service visible from the ssh                          server    ssh -fN...
Local port forwarding   Recipe #3: Access a remote service visible from the ssh                          server    ssh -fN...
Local port forwarding   Recipe #3: Access a remote service visible from the ssh                          server    ssh -fN...
Local port forwarding     Recipe #4: Access a remote service visible from the ssh             server for any host behind t...
Local port forwarding     Recipe #4: Access a remote service visible from the ssh             server for any host behind t...
Contents1   SSH tunneling & common uses2   Local port forwarding3   Remote port forwarding4   Dynamic port forwarding5   X...
Remote port forwardingRemote port forwarding (aka incomingtunneling) forwards traffic coming to a remote port to a specified...
Remote port forwarding Recipe #5: Access a service behind a firewall from the ssh                          server    ssh -f...
Remote port forwarding Recipe #5: Access a service behind a firewall from the ssh                          server    ssh -f...
Remote port forwarding Recipe #5: Access a service behind a firewall from the ssh                          server    ssh -f...
Remote port forwarding   Recipe #6: Access a service behind a firewall from any          external host with access to the s...
Remote port forwarding   Recipe #6: Access a service behind a firewall from any          external host with access to the s...
Remote port forwarding  Recipe #7: Access a service in a host accesible by the ssh                client from the ssh serv...
Remote port forwarding  Recipe #7: Access a service in a host accesible by the ssh                client from the ssh serv...
Remote port forwarding  Recipe #7: Access a service in a host accesible by the ssh                client from the ssh serv...
Remote port forwarding  Recipe #8: Access a service in a host accesible by the ssh      client from any host with access t...
Remote port forwarding  Recipe #8: Access a service in a host accesible by the ssh      client from any host with access t...
Contents1   SSH tunneling & common uses2   Local port forwarding3   Remote port forwarding4   Dynamic port forwarding5   X...
SOCKSSOCKS is an Internet protocol thatroutes network packets between aclient and server through a proxyserver            ...
SSH dynamic port forwarding •   SSH dynamic port forwarding allows the user to     create a local SOCKS proxy. •   Free th...
Dynamic port forwarding with SOCKS              Recipe #9: Setup a SOCKS proxy    ssh -fN -D <proxyport> user@sshserverTo ...
Dynamic port forwarding with SOCKS              Recipe #9: Setup a SOCKS proxy    ssh -fN -D <proxyport> user@sshserverTo ...
Contents1   SSH tunneling & common uses2   Local port forwarding3   Remote port forwarding4   Dynamic port forwarding5   X...
X forwarding • Using X, you can run remote X applications that open their   windows on your local display. • The X protoco...
Contents1   SSH tunneling & common uses2   Local port forwarding3   Remote port forwarding4   Dynamic port forwarding5   X...
autosshautossh is a program to start a copy of ssh andmonitor it, restarting it as necessary should it die orstop passing ...
sslhsslh makes it possible to connect to an SSH server oran OpenVPN on port 443 while still serving HTTPSon that port.
Port knockingport knocking is a method of externally opening ports ona firewall by generating a connection attempt on a set...
Port knocking        (A) client cannot connect to        application listening on port n        (B) client cannot establis...
Port knocking        (1,2,3,4) client connects to a        well-defined set of ports in a sequence        that contains an ...
Port knocking        (A) server process (a port knocking        daemon) intercepts connection        attempts and interpre...
Port knocking        (A) client connects to port n and        authenticates using applications        regular mechanism
knockdknockd is a port-knock server. It listens to all traffic onan ethernet interface, looking for special "knock"sequence...
References • SSH: The Secure Shell:   http://docstore.mik.ua/orelly/networking_2ndEd/ssh/index.htm • autossh:   http://www...
Picture credits  • Cover photo by twicepix:    http://www.flickr.com/photos/twicepix/2825051329/  • The map of the cyber-c...
This work is licensed under a Creative CommonsAttribution-NonCommercial-ShareAlike 3.0 Unported License.
SSH Tunneling RecipesDeveloper Toolbox SeriesOSOCORafael Luque
Upcoming SlideShare
Loading in …5
×

SSH Tunneling Recipes

748 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
748
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

SSH Tunneling Recipes

  1. 1. SSH Tunneling Recipes Developer Toolbox Series Rafael Luque, OSOCO
  2. 2. Contents1 SSH tunneling & common uses2 Local port forwarding3 Remote port forwarding4 Dynamic port forwarding5 X forwarding6 Some useful tools
  3. 3. Protocol tunnelingOne network protocol —the deliveryprotocol— encapsulates a differentpayload protocol. — Wikipedia
  4. 4. SSH tunnelingA secure shell (SSH) tunnel consists ofan encrypted tunnel created through aSSH protocol connection. — Wikipedia
  5. 5. Common uses To securely connect to a remote host and have your network traffic encrypted
  6. 6. Common uses To securely connect to a remote host and have your network traffic encrypted • You are on a public, non secure, non trusted or unencrypted network. • You use an insecure protocol like POP3, IMAP, SMTP, FTP, telnet, etc.
  7. 7. Common uses To bypass local network restrictions and monitoring services
  8. 8. Common uses Internet censorship circumvention
  9. 9. Map of cyber-censorship
  10. 10. Common uses Open backdoors to allow outbound connections to hosts behind a firewall
  11. 11. Common uses X11 forwarding
  12. 12. Common uses Access services bound to the loopback interface
  13. 13. Contents1 SSH tunneling & common uses2 Local port forwarding3 Remote port forwarding4 Dynamic port forwarding5 X forwarding6 Some useful tools
  14. 14. Local port forwarding Local port forwarding (aka outgoingtunneling) forwards traffic coming to a local port to a specified remote port
  15. 15. Local port forwarding Recipe #1: Access a remote service behind a firewall ssh -fN -L <localport>:localhost:<remoteport> user@externalThe service is available on the loopback interface only.
  16. 16. Local port forwarding Recipe #1: Access a remote service behind a firewall ssh -fN -L <localport>:localhost:<remoteport> user@externalThe service is available on the loopback interface only.
  17. 17. Local port forwarding Recipe #1: Access a remote service behind a firewall ssh -fN -L <localport>:localhost:<remoteport> user@externalThe service is available on the loopback interface only.
  18. 18. Local port forwardingRecipe #2: Access a remote service from any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:localhost:<remoteport> user@externalor ssh -fN -g -L <localport>:localhost:<remoteport> user@external
  19. 19. Local port forwardingRecipe #2: Access a remote service from any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:localhost:<remoteport> user@externalor ssh -fN -g -L <localport>:localhost:<remoteport> user@external
  20. 20. Local port forwarding Recipe #3: Access a remote service visible from the ssh server ssh -fN -L <localport>:external2:<remoteport> user@externalThe service is available on the loopback interface only.
  21. 21. Local port forwarding Recipe #3: Access a remote service visible from the ssh server ssh -fN -L <localport>:external2:<remoteport> user@externalThe service is available on the loopback interface only.
  22. 22. Local port forwarding Recipe #3: Access a remote service visible from the ssh server ssh -fN -L <localport>:external2:<remoteport> user@externalThe service is available on the loopback interface only.
  23. 23. Local port forwarding Recipe #4: Access a remote service visible from the ssh server for any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:external2:<remoteport> user@externalor ssh -fN -g -L <localport>:external2:<remoteport> user@external
  24. 24. Local port forwarding Recipe #4: Access a remote service visible from the ssh server for any host behind the firewall ssh -fN -L 0.0.0.0:<localport>:external2:<remoteport> user@externalor ssh -fN -g -L <localport>:external2:<remoteport> user@external
  25. 25. Contents1 SSH tunneling & common uses2 Local port forwarding3 Remote port forwarding4 Dynamic port forwarding5 X forwarding6 Some useful tools
  26. 26. Remote port forwardingRemote port forwarding (aka incomingtunneling) forwards traffic coming to a remote port to a specified local port
  27. 27. Remote port forwarding Recipe #5: Access a service behind a firewall from the ssh server ssh -fN -R <remoteport>:localhost:<localport> user@externalThe service is available on the loopback interface only.
  28. 28. Remote port forwarding Recipe #5: Access a service behind a firewall from the ssh server ssh -fN -R <remoteport>:localhost:<localport> user@externalThe service is available on the loopback interface only.
  29. 29. Remote port forwarding Recipe #5: Access a service behind a firewall from the ssh server ssh -fN -R <remoteport>:localhost:<localport> user@externalThe service is available on the loopback interface only.
  30. 30. Remote port forwarding Recipe #6: Access a service behind a firewall from any external host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:localhost:<localport> user@externalEdit /etc/ssh/sshd_config at ssh server to allow the client to select the address to whichthe forwarding is bound: GatewayPorts clientspecified
  31. 31. Remote port forwarding Recipe #6: Access a service behind a firewall from any external host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:localhost:<localport> user@externalEdit /etc/ssh/sshd_config at ssh server to allow the client to select the address to whichthe forwarding is bound: GatewayPorts clientspecified
  32. 32. Remote port forwarding Recipe #7: Access a service in a host accesible by the ssh client from the ssh server ssh -fN -R <remoteport>:internal2:<localport> user@externalThe service is available on the loopback interface only.
  33. 33. Remote port forwarding Recipe #7: Access a service in a host accesible by the ssh client from the ssh server ssh -fN -R <remoteport>:internal2:<localport> user@externalThe service is available on the loopback interface only.
  34. 34. Remote port forwarding Recipe #7: Access a service in a host accesible by the ssh client from the ssh server ssh -fN -R <remoteport>:internal2:<localport> user@externalThe service is available on the loopback interface only.
  35. 35. Remote port forwarding Recipe #8: Access a service in a host accesible by the ssh client from any host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:internal2:<localport> user@externalEdit /etc/ssh/sshd_config at server to allow the client to select the address to which theforwarding is bound: GatewayPorts clientspecified
  36. 36. Remote port forwarding Recipe #8: Access a service in a host accesible by the ssh client from any host with access to the ssh server ssh -fN -R 0.0.0.0:<remoteport>:internal2:<localport> user@externalEdit /etc/ssh/sshd_config at server to allow the client to select the address to which theforwarding is bound: GatewayPorts clientspecified
  37. 37. Contents1 SSH tunneling & common uses2 Local port forwarding3 Remote port forwarding4 Dynamic port forwarding5 X forwarding6 Some useful tools
  38. 38. SOCKSSOCKS is an Internet protocol thatroutes network packets between aclient and server through a proxyserver — Wikipedia
  39. 39. SSH dynamic port forwarding • SSH dynamic port forwarding allows the user to create a local SOCKS proxy. • Free the user from the limitations of connecting only to a predefined remote port and server. • Circumvention tool allowing to bypass Internet filtering to access content otherwise blocked by governments, workplaces and schools.
  40. 40. Dynamic port forwarding with SOCKS Recipe #9: Setup a SOCKS proxy ssh -fN -D <proxyport> user@sshserverTo allow any internal host to use the proxy: ssh -fN -D 0.0.0.0:<proxyport> user@sshserver
  41. 41. Dynamic port forwarding with SOCKS Recipe #9: Setup a SOCKS proxy ssh -fN -D <proxyport> user@sshserverTo allow any internal host to use the proxy: ssh -fN -D 0.0.0.0:<proxyport> user@sshserver
  42. 42. Contents1 SSH tunneling & common uses2 Local port forwarding3 Remote port forwarding4 Dynamic port forwarding5 X forwarding6 Some useful tools
  43. 43. X forwarding • Using X, you can run remote X applications that open their windows on your local display. • The X protocol is insecure and wide open to snoopers. • SSH X forwarding makes the communication secure by tunneling the X protocol: ssh -X user@server xclock
  44. 44. Contents1 SSH tunneling & common uses2 Local port forwarding3 Remote port forwarding4 Dynamic port forwarding5 X forwarding6 Some useful tools
  45. 45. autosshautossh is a program to start a copy of ssh andmonitor it, restarting it as necessary should it die orstop passing traffic. autossh -M <port>[:echo_port] [-f] [SSH OPTIONS]
  46. 46. sslhsslh makes it possible to connect to an SSH server oran OpenVPN on port 443 while still serving HTTPSon that port.
  47. 47. Port knockingport knocking is a method of externally opening ports ona firewall by generating a connection attempt on a set ofprespecified closed ports. Once a correct sequence ofconnection attempts is received, the firewall rules aredynamically modified to allow the host which sent theconnection attempts to connect over specific port(s). — Wikipedia
  48. 48. Port knocking (A) client cannot connect to application listening on port n (B) client cannot establish connection to any port
  49. 49. Port knocking (1,2,3,4) client connects to a well-defined set of ports in a sequence that contains an encrypted message by sending SYN packets; client has a priori knowledge of the port knocking daemon and its configuration, but receives no acknowledgement during this phase because firewall rules preclude any response
  50. 50. Port knocking (A) server process (a port knocking daemon) intercepts connection attempts and interprets (decrypts and decodes) them as comprising an authentic "port knock"; server carries out specific task based on content of port knock, such as opening port n to client
  51. 51. Port knocking (A) client connects to port n and authenticates using applications regular mechanism
  52. 52. knockdknockd is a port-knock server. It listens to all traffic onan ethernet interface, looking for special "knock"sequences of port-hits.
  53. 53. References • SSH: The Secure Shell: http://docstore.mik.ua/orelly/networking_2ndEd/ssh/index.htm • autossh: http://www.harding.motd.ca/autossh/ • sslh: http://www.rutschle.net/tech/sslh.shtml • Port knocking: http://www.portknocking.org/ • knockd: http://www.zeroflux.org/projects/knock
  54. 54. Picture credits • Cover photo by twicepix: http://www.flickr.com/photos/twicepix/2825051329/ • The map of the cyber-censorship by Reporters Without Borders: http://march12.rsf.org/en/
  55. 55. This work is licensed under a Creative CommonsAttribution-NonCommercial-ShareAlike 3.0 Unported License.
  56. 56. SSH Tunneling RecipesDeveloper Toolbox SeriesOSOCORafael Luque

×