SSH Tunnel
@amandeepsingh
Topics
● SSH
● SSH Tunnels
● Types of SSH Tunnels
● Practical
● Benefits & Alternatives
Secure Socket Shell (SSH)
SSH is a network protocol that provides administrators with a secure way to access a
remote computer.
Secure Shell provides strong authentication and secure encrypted data communications
between two computers connecting over an insecure network such as the Internet.
ssh username@ipaddress
Install SSH
On a Debian system:
sudo apt-get install openssh-server openssh-client
How SSH works
[Diagram: a terminal application on the local machine (My Computer) uses the SSH client to connect to the SSH server on port 22 of the remote machine (gitlab.xxx.com).]
Scenario
[Diagram: My System reaches gitlab.xxx.com (Pub IP: 202.164.44.245, Pvt IP: 192.168.1.178) over the Internet; gitlab.xxx.com shares a private network with an internal system (Pvt IP: 192.168.1.18).]
SSH tunneling (also called SSH port forwarding)
SSH has a feature called SSH tunneling (or SSH port forwarding).
An SSH tunnel creates an encrypted connection between a local computer and a remote
computer through which you can relay traffic. It is very useful, and you can use it to
securely access unencrypted protocols such as VNC, or firewalled resources like database
servers.
Why we are discussing this today
Types of SSH Tunneling
● Dynamic Port Forwarding
● Local Port Forwarding
● Remote Port Forwarding
Dynamic Port Forwarding (Make Remote Resources Accessible on Your Local System)
● It creates a SOCKS proxy on the client side.
● All client applications (for example the browser) are configured with the SOCKS proxy settings.
● Whatever is sent to that port is transparently encrypted and redirected to the
remote server.
● The response from the remote machine is received the same way.
Dynamic Tunnel
ssh -D 8080 amandeep@gitlab.xxx.com
(8080 is the local port.)
On Windows, we can use the open-source software PuTTY to create the tunnel.
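Dynamic Port Forwarding
[Diagram: any application on My Machine, such as a browser, talks to the SOCKS proxy on local port 8080; the SSH client carries that traffic encrypted to the SSH server on port 22 of gitlab.xxx.com, which passes it on to any application (*). URL label shown: http://localhost/.]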
Demo
Local Port Forwarding (Make Remote Resources Accessible on Your Local System)
● On the client side we bind one port.
● Whatever is sent to that port is transparently encrypted and redirected to the
remote server.
● The response from the remote machine is received the same way.
Local port forwarding tunnel
ssh -L 8000:192.168.1.26:80 amandeep@gitlab.xxx.com
(8000 is the local port; 80 is the remote port.)
On Windows, we can use the open-source software PuTTY to create the tunnel.
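Local Port Forwarding
[Diagram: any application on My Machine connects to local port 8000 (http://localhost:8000); the SSH client carries that traffic encrypted to the SSH server on port 22 of gitlab.xxx.com, which passes it on to 192.168.1.26. URL label shown: http://localhost/.]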
Demo
Remote Port Forwarding: Make Local Resources
Accessible on a Remote System
● “Remote port forwarding” is the opposite of local forwarding, and isn’t used as
frequently.
● It allows you to make a resource on your local PC available on the SSH server.
● For example, let’s say you’re running a web server on the local PC you’re sitting in
front of. But your PC is behind a firewall that doesn’t allow incoming traffic to the
server software.
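SSH Tunnel
[Diagram: the Raspberry Pi runs an SSH client that holds an SSH tunnel across the Internet to the SSH server gitlab.xxx.com; any SSH client connects to that server.]
This is what we have implemented on Bigrox to make the Raspberry Pi accessible through the SSH
server.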
Remote port forwarding tunnel
ssh -R 5002:localhost:22 amandeep@gitlab.xxx.com
(5002 is the remote port; 22 is the local port.)
On Windows, we can use the open-source software PuTTY to create the tunnel.
Demo
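The three tunnel commands from the slides, parsed to show which end opens the listening port and which end makes the onward connection. This is an added example, not code from the original slides; the function names, the dictionary fields and the 0.0.0.0 variant are assumptions made for illustration.

```python
import shlex

LOOPBACK = {"localhost", "127.0.0.1"}
KINDS = {"-D": "dynamic", "-L": "local", "-R": "remote"}


def parse_forward(flag, spec):
    """Describe one -D/-L/-R argument: who listens, and where traffic exits.

    Handles hostnames and IPv4 only; bracketed IPv6 is out of scope here.
    """
    parts = spec.split(":")
    wanted = (1, 2) if flag == "-D" else (3, 4)
    if flag not in KINDS or len(parts) not in wanted:
        raise ValueError(f"unsupported forward: {flag} {spec}")
    # An optional leading field is the bind address of the listening socket.
    bind = parts[0] if len(parts) == max(wanted) else None
    if flag == "-D":
        listen_port, dest = int(parts[-1]), None  # SOCKS picks the target
    else:
        listen_port, dest = int(parts[-3]), (parts[-2], int(parts[-1]))
    return {
        "kind": KINDS[flag],
        # -D and -L open the port on the client; -R opens it on the server.
        "listener": "server" if flag == "-R" else "client",
        "bind": bind,
        "listen_port": listen_port,
        # The far end of the tunnel makes the onward TCP connection.
        "exits_from": "client" if flag == "-R" else "server",
        "destination": dest,
        # With no bind address ssh listens on loopback by default; "", "*"
        # or a routable address asks for a listener other hosts can reach.
        "exposed": bind is not None and bind not in LOOPBACK,
    }


def forwards_in_command(cmdline):
    """Extract every forward from an ssh command line (both -L x and -Lx)."""
    found, args = [], shlex.split(cmdline)
    for i, arg in enumerate(args):
        if arg[:2] in KINDS:
            spec = arg[2:] or args[i + 1]
            found.append(parse_forward(arg[:2], spec))
    return found


if __name__ == "__main__":
    page_commands = [
        "ssh -D 8080 amandeep@gitlab.xxx.com",
        "ssh -L 8000:192.168.1.26:80 amandeep@gitlab.xxx.com",
        "ssh -R 5002:localhost:22 amandeep@gitlab.xxx.com",
        # Constructed variant: same local forward, bound to all interfaces.
        "ssh -L 0.0.0.0:8000:192.168.1.26:80 amandeep@gitlab.xxx.com",
    ]
    for cmd in page_commands:
        for fwd in forwards_in_command(cmd):
            print(cmd, "->", fwd)
```

For a remote forward, the "exposed" field only records what the client requested; whether the server honours a non-loopback bind depends on its GatewayPorts setting.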
Benefits
● Explore the resources which are behind the firewall.
● Expose local servers to the internet.
● System administrators and IT professionals use it for opening backdoors into the
internal network from their home machines.
● Other free alternatives
- Ngrok
- Serveo
Question time


Editor's Notes

  1. “Local port forwarding” allows you to access local network resources that aren’t exposed to the Internet. For example, let’s say you want to access a database server at your office from your home. For security reasons, that database server is only configured to accept connections from the local office network. But if you have access to an SSH server at the office, and that SSH server allows connections from outside the office network, then you can connect to that SSH server from home and access the database server as if you were in the office. This is often the case, as it’s easier to secure a single SSH server against attacks than to secure a variety of different network resources.