Difference between revisions of "OpenSSH/Tunelling"
Revision as of 12:02, 30 September 2016
Different types of tunnelling:
- Local port forwarding: connections from the SSH client are forwarded via the SSH server, then to a destination server
- Remote port forwarding (reverse SSH tunnel): connections from the SSH server are forwarded via the SSH client, then to a destination server
- Dynamic port forwarding: connections from various programs are forwarded via the SSH client, then via the SSH server, and finally to several destination servers
Local port forwarding - straight tunnel
-L <local-port-to-listen>:<remote-host>:<remote-port> <gateway>
Example
in-front-of-firewall@localhost:$ ssh -f -N -T -L8080:remotehost.com:8888 jumpbox.com
Remote port forwarding (reverse SSH tunnel)
-R <sourcePort>:<forwardToHost>:<onPort> <gate>
in-front-of-firewall@server1            //NAT//       behind-firewall@server2
        <-------------------------------------------
2. the tunnel listens on                // FW//       1. this server initiates a -R reverse tunnel
   localhost:2222 port and
   any data forwards down through the tunnel to port 22 of the other end of the tunnel
--------------------------------------------
>>> :2222 >>>>> tunnel >>>>> :22
--------------------------------------------
From the firewalled host:
behind-firewall@server2:$ ssh -f -N -T -R2222:localhost:22 in-front-of-firewall@server1.com
This tells your client to establish a tunnel with a -R (remote) entry point. Anything that connects to port 2222 on the far end of the tunnel will actually reach "localhost port 22", i.e. the computer on which you executed the command.
Then, on the in-front-of-firewall@server1 server, an ssh to localhost:2222 sends all its traffic through the tunnel to the behind-firewall@server2 server:
ssh -p 2222 behind-firewall@localhost
The other options are:
-f
tells ssh to background itself after it authenticates, so you don't have to sit around running something on the remote server for the tunnel to remain alive.
-N
says that you want an SSH connection, but you don't actually want to run any remote commands. If all you're creating is a tunnel, then including this option saves resources.
-T
disables pseudo-tty allocation, which is appropriate because you're not trying to create an interactive shell.
Local and Remote port forwarding graphs
Local port forwarding
Remote port forwarding
Show current tunnels
Shows -L local forwarding tunnels
netstat -tpln | grep ssh   # t: TCP, p: show process, l: listening, n: numeric values (header added, tested on Debian wheezy)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:1443          0.0.0.0:*               LISTEN      4036/ssh
Which can be read as: ssh (the client, not sshd) is listening on local TCP port 1443.
If you only want to list tunnels created by the ssh client:
$ sudo lsof -i -n | egrep '\<ssh\>'
ssh   19749 user  3u IPv4 148088244 TCP x.x.x.x:39689->y.y.y.y:22 (ESTABLISHED)
ssh   19749 user  4u IPv6 148088282 TCP [::1]:9090 (LISTEN)
ssh   19749 user  5u IPv4 148088283 TCP 127.0.0.1:9090 (LISTEN)
(that would be a -L 9090:localhost:80 tunnel)
Shows -R reverse tunnels
If you want to see the tunnels / connections made to an sshd:
$ sudo lsof -i -n | egrep '\<sshd\>'
sshd  15767 root  3u IPv4 147401205 TCP x.x.x.x:22->y.y.y.y:27479 (ESTABLISHED)
sshd  15842 user  3u IPv4 147401205 TCP x.x.x.x:22->y.y.y.y:27479 (ESTABLISHED)
sshd  15842 user  9u IPv4 148002889 TCP 127.0.0.1:33999->127.0.0.1:www (ESTABLISHED)
sshd   1396 user  9u IPv4 148056581 TCP 127.0.0.1:5000 (LISTEN)
sshd  25936 root  3u IPv4 143971728 TCP *:22 (LISTEN)
The SSH daemon listens on port 22 (last line); two subprocesses were spawned (first two lines, the login of 'user'); a -R tunnel was created on port 5000; and a -L tunnel forwards a port from my (local) machine to localhost:80 (www).
# Heuristic one-liner that tries to pair each sshd -R listener (non-22 LISTEN socket) with the port it forwards to
sudo lsof -i -n | egrep '\<sshd\>' | grep -v ":ssh" | grep LISTEN | sed 1~2d | awk '{ print $2}' | \
  while read line; do
    sudo lsof -i -n | egrep "$line" | sed 3~3d | sed 's/.*->//' | sed 's/:......*(ESTABLISHED)//' | sed 's/.*://' | sed 's/(.*//' | sed 'N;s/\n/:/' 2>&1
  done
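As an added example (not part of the original wiki page), the same classification as the sed pipeline above, done with awk over `lsof -i -n` output so it is easier to audit: sockets held by the `ssh` client are -L/-D listeners, sockets held by `sshd` on a port other than 22 are -R entry points. The sample output is constructed to mirror the listings above rather than captured from a real host.

```shell
#!/bin/sh
# Constructed sample of `sudo lsof -i -n` output (same shape as the page's listings).
SAMPLE='ssh   19749 user  4u IPv6 148088282 TCP [::1]:9090 (LISTEN)
ssh   19749 user  5u IPv4 148088283 TCP 127.0.0.1:9090 (LISTEN)
sshd  15842 user  9u IPv4 148002889 TCP 127.0.0.1:33999->127.0.0.1:www (ESTABLISHED)
sshd   1396 user  9u IPv4 148056581 TCP 127.0.0.1:5000 (LISTEN)
sshd  25936 root  3u IPv4 143971728 TCP *:22 (LISTEN)'

# classify_tunnels <lsof-output>
# Prints one line per forwarding listener: "<kind> <pid> <user> <bind-address>"
#   local-L/D : the ssh client listens locally (-L or -D forward)
#   remote-R  : sshd listens on a port other than 22/ssh (-R reverse tunnel entry point)
classify_tunnels() {
    printf '%s\n' "$1" | awk '
        $1 == "ssh"  && $NF == "(LISTEN)" { print "local-L/D", $2, $3, $(NF-1); next }
        $1 == "sshd" && $NF == "(LISTEN)" && $(NF-1) !~ /:(22|ssh)$/ { print "remote-R", $2, $3, $(NF-1) }
    '
}

# count_remote <lsof-output>
# Number of -R entry points sshd currently holds open; a host that should never
# be reachable back through a tunnel should report 0 here.
count_remote() {
    classify_tunnels "$1" | awk '$1 == "remote-R"' | wc -l | tr -d ' '
}

classify_tunnels "$SAMPLE"
echo "reverse tunnels: $(count_remote "$SAMPLE")"
```

On a live host replace `$SAMPLE` with `"$(sudo lsof -i -n)"`; note that without `-P` lsof prints service names (such as `ssh` or `www`) instead of numeric ports, which the port-22 filter above already accepts.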
References
- The Black Magic Of SSH vimeo
- ssh-tunneling-work unix.stackexchange.com, diagrams