zeldor.biz

Linux, programming and more


SSH Tunnel

May 11, 2011 by Igor Drobot

SSH tunnels are very useful for accessing servers or PCs behind a firewall. Normally these machines sit behind NAT and have only a LAN IP. To access them you would otherwise need to create a DNAT rule, but that option is not as secure as the SSH protocol.

To create an SSH tunnel you only need a running SSH server on the firewall of your destination site.

Example one:
Create an SSH tunnel to access the RDP port on the LAN PC 192.168.1.10.

From the laptop (172.16.100.56), issue this command to create an SSH tunnel to your home PC:

ssh -N -L 4652:192.168.1.10:3389 root@188.40.116.226

After you type in your password, you will be able to connect to RDP at localhost:4652

Or use this method:

ssh -N -L 172.16.100.56:80:192.168.1.10:80 root@188.40.116.226

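After you type in your password, you will be able to connect over HTTP: http://172.16.100.56/

Because this forward listens on the laptop's LAN address instead of localhost, other hosts on that network can reach it as well. Binding port 80 also normally requires root privileges on the laptop.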

Example two:
Create a reverse SSH tunnel from the laptop (172.16.100.56) to your home firewall. This will allow you to access the SSH port of your laptop from your firewall.

ssh -NXC -R 42005:localhost:22 root@188.40.116.226

From the firewall at home you will be able to access your laptop's SSH port:

ssh -p 42005 username@localhost

Extended example two:
This is only an extension of example two: with this reverse tunnel you will be able to access your laptop's SSH port from everywhere.

ssh -NXC -R 188.40.116.226:42005:localhost:22 root@188.40.116.226

Access port 22 on your laptop at work:

ssh -p 42005 username@188.40.116.226

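For the extended example, set GatewayPorts yes in the sshd_config on the firewall. Without it, sshd binds remote forwards to the loopback address only, so the tunnel is reachable just from the firewall itself, as in example two.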
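
To check on the firewall which reverse tunnels are actually reachable from outside, this added example (not part of the original post) filters the output of ss -Htlnp for sshd listeners bound to a non-loopback address. The function name exposed_forwards, the sample lines and port 42006 are constructed for illustration.

```shell
#!/bin/sh
# Report sshd-owned listening sockets that are reachable from other hosts.
# Input: lines in the format printed by "ss -Htlnp" (run as root so the
# process column is filled in). $1: the port of the SSH daemon itself,
# which is left out of the report (default 22).
exposed_forwards() {
    awk -v sshd_port="${1:-22}" '
        # Column 4 is the local address, the last column names the process.
        $1 == "LISTEN" && $NF ~ /"sshd/ {
            addr = $4
            port = addr; sub(/.*:/, "", port)        # text after the last colon
            host = addr; sub(/:[0-9]+$/, "", host)   # text before the port
            if (port + 0 == sshd_port + 0) next      # the daemon, not a tunnel
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            print addr
        }'
}

# Constructed sample: port 42005 is bound as in example two (loopback),
# port 42006 as a forward looks once GatewayPorts yes is active (wildcard).
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 128 127.0.0.1:42005 0.0.0.0:* users:(("sshd",pid=2291,fd=9))
LISTEN 0 128 [::1]:42005 [::]:* users:(("sshd",pid=2291,fd=10))
LISTEN 0 128 0.0.0.0:42006 0.0.0.0:* users:(("sshd",pid=2305,fd=9))
LISTEN 0 128 [::]:42006 [::]:* users:(("sshd",pid=2305,fd=10))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=640,fd=6))'

# On a live system: ss -Htlnp | exposed_forwards 22
printf '%s\n' "$SAMPLE" | exposed_forwards 22
```

Every address it prints is a tunnel endpoint that anyone who can reach the firewall can connect to, so each one should be expected and covered by the firewall rules.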

Conclusion:
– you don’t need a VPN between two LANs
– insecure protocols can simply be run over secure shell
– firewall worm

Filed Under: Linux Tagged With: Reverse Shell, reverse tunnel, SSH Tunnel
