SSH Tunneling

Easy SSH bounces

To reach an SSH host behind another one, there are two ways: the dirty way, which forwards your SSH agent to the jump host (-A) and starts a second ssh client there,

ssh -tA JUMP-HOST ssh INTERNAL-HOST

and the right way

ssh INTERNAL-HOST -l INTERNAL-USER -J JUMP-HOST

which is equivalent to

ssh INTERNAL-HOST -l INTERNAL-USER -o ProxyCommand="ssh -W %h:%p JUMP-HOST"

Classic Tunnel

You want to map a remote port locally,

ssh -L localport:localhost:remoteport remotehost

You want to map a port that is available on the remote network locally,

ssh -L localport:internalhost:remoteport remotebounce

Check

netstat -lntupe --inet --inet6 | grep localport

You can go further and make the service accessible on your network by putting a bind_address in front of localport,

x.x.x.x:

Reverse Tunnel

You want to map a local port to a remote host,

ssh -R remoteport:localhost:localport remotehost

You want to map a port that is available on your network to a remote host,

ssh -R remoteport:somepeer:localport remotehost

Check on the remote host

netstat -lntupe --inet --inet6 | grep remoteport

You can go further and make the service accessible on the remote network by putting a bind_address in front of remoteport (the remote sshd has to permit this through its GatewayPorts setting),

x.x.x.x:

Whatever Forward Proxy

You want a SOCKS4 or SOCKS5 forward proxy on your local system,

ssh -D 1080 remotehost

You want the same but actually providing the forwarding service to others on your internal network,

ssh -D BIND-TO-IP:PORT remotehost

or just on any network interface,

ssh -D '*:PORT' remotehost

Finally, if you want to bring this up at startup,

vi /etc/rc.local

# goes into the background (-f)
# ssh -fN -D '*:PORT' remote
su - USER -c "sleep 10; ssh -fN -D '*:PORT' remote" &

Or, if you would rather have a one minute delay and keep it as a watchdog,

as the user,

crontab -e

* * * * * $HOME/bin/watchsocks.bash PORT REMOTESRV
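
A possible watchsocks.bash for the crontab line above, as an added example: the page does not show the script, so this is not the author's version. The function names, the netstat parsing and the ssh options (BatchMode, ExitOnForwardFailure, ServerAlive*) are assumptions.

```shell
#!/bin/bash
# Hypothetical watchsocks.bash PORT REMOTESRV for the per-minute cron entry.
# Not the author's script. Assumes net-tools netstat and OpenSSH.

# Constructed sample of `netstat -lnt` output, for trying the parsers offline.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1080            0.0.0.0:*               LISTEN
tcp6       0      0 ::1:8080                :::*                    LISTEN
tcp6       0      0 :::1080                 :::*                    LISTEN'

# listen_addrs PORT: read `netstat -lnt` output on stdin and print every local
# address with a TCP listener on exactly PORT (grep PORT would also hit 8080
# when asked for 80). Field 4 is address:port, the port follows the last colon.
listen_addrs() {
    awk -v port="$1" '$6 == "LISTEN" {
        n = split($4, part, ":")
        if (part[n] == port)
            print substr($4, 1, length($4) - length(port) - 1)
    }'
}

# exposed_addrs PORT: the same, minus loopback. ssh -D does not authenticate
# SOCKS clients, so whatever is printed here is usable by anyone who reaches it.
exposed_addrs() {
    listen_addrs "$1" | awk '!/^(127\.[0-9.]+|::1)$/'
}

# watch_socks PORT REMOTESRV: start the forward only when nothing listens on
# PORT, so repeated cron runs do not pile up ssh clients.
watch_socks() {
    if [ -n "$(netstat -lnt 2>/dev/null | listen_addrs "$1")" ]; then
        return 0
    fi
    # BatchMode: never prompt from cron. ExitOnForwardFailure: do not stay up
    # without the listener. ServerAlive*: exit on a dead link so the next run
    # can restart the tunnel.
    ssh -fN -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -D "*:$1" "$2"
}

# Run only under the crontab line's file name and with both arguments.
case "$0" in
    *watchsocks.bash) [ "$#" -eq 2 ] && watch_socks "$1" "$2" ;;
esac
```

Piping `netstat -lnt` into `exposed_addrs PORT` gives a stricter form of the Check commands above: it matches the port exactly and lists only the addresses other machines can reach.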

Resources

Opening and closing an SSH tunnel in a shell script the smart way https://gist.github.com/scy/6781836

Can SSH be tunneled over HTTPS using thttpd? https://serverfault.com/questions/140945/can-ssh-be-tunneled-over-https-using-thttpd


Copyright © 2024 Pierre-Philipp Braun