SSH - Tunnel

1 - About

A Secure Shell (SSH) tunnel consists of an encrypted tunnel created through an SSH protocol connection. Users may set up SSH tunnels:

  • to transfer unencrypted traffic over a network through an encrypted channel.
  • to forward network traffic back or forth.

3 - Syntax

An SSH tunnel has two endpoints. You initiate it from your computer (the SSH client) and choose which side listens for the traffic to reroute:

  • the server, with the -R option. It tells the tunnel to listen on the remote side (the SSH server).
  • or your computer, with the -L option. It tells the tunnel to listen on the local side of the tunnel (the host running your client).

4 - Example

For example, Microsoft Windows machines can share files using the Server Message Block (SMB) protocol, a non-encrypted protocol. If one were to mount a Microsoft Windows file system remotely through the Internet, someone snooping on the connection could see the transferred files. To mount the Windows file system securely, one can establish an SSH tunnel that routes all SMB traffic to the remote file server through an encrypted channel. Even though the SMB protocol itself contains no encryption, the encrypted SSH channel through which it travels offers security.

5 - Type of Tunneling

5.1 - Forward server network traffic to the client (-R option)

How to access a local port with the help of SSH tunneling.

In the example below, we query an HTTP server running on the client from the remote server through an SSH tunnel.

Image Credit: How does reverse SSH tunneling work? from Erik

Create the tunnel from the client host:

ssh -N -T -l loginName -R8881:localhost:8888 sshServerHost

where

  • localhost is the host as seen from the ssh client
  • The remote port is 8881 (a port on the remote SSH server)
  • The local host port is 8888
  • loginName is the login name (-l option)
  • -N means no remote command
  • -T disables pseudo-tty allocation (no terminal)

Usage example - make a request from the server that is rerouted to your computer: on the remote SSH server, a request to port 8881 is redirected to port 8888 of localhost (the client host).

wget localhost:8881/hello.html
--2017-02-07 12:29:22--  http://localhost:8881/hello.html
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:8881... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5 [text/html]
Saving to: `hello.html'

100%[============================================>] 5           --.-K/s   in 0s

2017-02-07 12:29:23 (62.8 KB/s) - `hello.html' saved [5/5]

5.2 - Reach a server through a remote SSH server (-L option)

Image Credit: How does reverse SSH tunneling work? from Erik

Create the tunnel from the client host:

ssh -N -T -l loginName -L8881:server:8888 sshServerHost

where

  • localhost (the host running the ssh client) is where the local port listens
  • The local port is 8881 (a port on your machine)
  • server is the server to reach, as seen from sshServerHost
  • The server port is 8888
  • loginName is the login name (-l option)
  • -N means no remote command
  • -T disables pseudo-tty allocation (no terminal)
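
The -R command in 5.1 and the -L command in 5.2 share the spec format [bind_address:]port:host:hostport. The shell function below is an added example, not part of the original page or of OpenSSH: explain_forward is a hypothetical helper that reports which side listens, which side connects to the destination, and whether the last hop runs outside the encrypted channel. It assumes a spec without bind_address binds to loopback (GatewayPorts at its default of no) and does not handle bracketed IPv6 addresses.

```shell
# Added example, not from the original page. explain_forward is a hypothetical
# helper that explains a spec of the form [bind_address:]port:host:hostport.
# It reports what the spec requests; for -R, a non-loopback bind only takes
# effect if the server's GatewayPorts setting permits it.
explain_forward() {
    opt=$1; spec=$2
    case $opt in
        -L) listener=ssh-client; connector=ssh-server ;;
        -R) listener=ssh-server; connector=ssh-client ;;
        *)  echo "error: expected -L or -R" >&2; return 2 ;;
    esac

    # Count ':'-separated fields with parameter expansion only, so a '*'
    # bind address is never subject to word splitting or globbing.
    rest=$spec; n=1
    while [ "$rest" != "${rest#*:}" ]; do rest=${rest#*:}; n=$((n + 1)); done

    case $n in
        3) bind=127.0.0.1; exposure=loopback ;;        # no bind_address given
        4) bind=${spec%%:*}; spec=${spec#*:}
           case $bind in
               ''|'*'|0.0.0.0)      bind='*'; exposure=all-interfaces ;;
               localhost|127.0.0.1) exposure=loopback ;;
               *)                   exposure=specific-address ;;
           esac ;;
        *) echo "error: unsupported spec: $2" >&2; return 2 ;;
    esac
    lport=${spec%%:*}; spec=${spec#*:}
    host=${spec%%:*};  hport=${spec#*:}

    # SSH only protects the client <-> SSH server leg. The leg from the
    # connecting side to host:hostport carries the original protocol as-is.
    case $host in
        localhost|127.0.0.1) last_hop=same-host ;;
        *)                   last_hop=outside-tunnel ;;
    esac

    echo "listen=$listener:$bind:$lport connect=$connector->$host:$hport" \
         "exposure=$exposure last_hop=$last_hop"
}

explain_forward -R 8881:localhost:8888      # the 5.1 command
explain_forward -L 8881:server:8888         # the 5.2 command
explain_forward -R '*:8881:localhost:8888'  # constructed: wildcard bind
```

For the 5.2 command the result shows last_hop=outside-tunnel: traffic between sshServerHost and server:8888 is not covered by the SSH channel.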

6 - Documentation / Reference

ssh/tunnel.txt · Last modified: 2019/05/19 11:41 by gerardnico