SSH Tunneling

[Image: ssh-tunneling.jpg]

About

SSH tunneling is a method of transporting arbitrary network data over an encrypted SSH connection. It can be used to secure communications between two hosts or to bypass firewalls that sit between them.


Modes of Port Forwarding

  • Local Port Forwarding
  • Remote Port Forwarding
  • Dynamic Port Forwarding

SSH Useful Arguments

Option | Description
-N | Do not execute a remote command after the connection is established; SSH just sets up the connection (and any port forwards) and keeps it open. Useful when the session exists only for port forwarding.
-f | Go to the background after authentication, so the terminal stays free while the SSH session keeps running. Useful for long-running tunnels or when several tunnels have to be up at the same time.

Sample Scenarios

Note: All diagrams from Ivan Velichko
  1. Local Port Forwarding:

    This is the most common type of SSH tunneling: it forwards a local port to a remote one.

ssh -L local_port:remote_host:remote_port user@ssh_server
Example01:

[Image: local-port-forwarding-bastion-2000-opt.png]

ssh -N -L 8443:10.2.2.254:8006 user@10.2.2.2
Option | Description
-L | Local port forwarding configuration
8443:10.2.2.254:8006 | Forward connections to port 8443 on the local machine to port 8006 on the remote machine 10.2.2.254
user@10.2.2.2 | Username and hostname of the remote server
Note: a bind address can be prepended to the specification, as in 0.0.0.0:8443:10.2.2.254:8006, where 0.0.0.0 means listening on all available network interfaces rather than only on localhost.

[Screenshot: 2023-07-19_103836.png]

The service on port 8443 can now be accessed from the server-area server via localhost.

Example02:

[Image: local-port-forwarding-2000-opt.png]

ssh -N -L 5201:localhost:5201 user@ssh_server

[Screenshot: 2023-07-19_105519.png]

After the port was bound, a test against port 5201 on localhost completed successfully.


  2. Remote Port Forwarding:

    This allows you to forward a remote port to a local one.

For security reasons, remote port forwarding is bound only to the localhost of the SSH server by default. To allow external connections, the SSH server's configuration needs to be amended (the drop-in file written below only takes effect if sshd_config includes /etc/ssh/sshd_config.d/*.conf, which recent OpenSSH packages do by default):
sudo sh -c 'echo "GatewayPorts yes" >> /etc/ssh/sshd_config.d/GatewayPorts.conf'
sudo service sshd restart

Restart the SSH daemon for the change to take effect.

[Image: remote-port-forwarding-2000-opt.png]

ssh -N -R remote_port:local_host:local_port user@ssh_server
Example01:
ssh -N -R 8080:localhost:8000 user@10.2.2.2
Option | Description
-R | Remote port forwarding configuration
8080:localhost:8000 | Forward connections to port 8080 on the remote server to port 8000 on the local machine, binding to localhost
user@10.2.2.2 | Username and hostname or IP address of the remote server

[Screenshot: 2023-07-19_113526.png]

A simple HTTP server has been started on localhost, port 8000.

[Screenshot: 2023-07-19_113559.png]

The remote client (10.2.2.x) can reach that HTTP server through port 8080 on the SSH server.

[Image: remote-port-forwarding-home-network-2000-opt.png]

Example02:
ssh -N -R 8443:10.10.10.254:443 user@ssh_server
Option | Description
-R | Remote port forwarding configuration
8443:10.10.10.254:443 | Forward connections to port 8443 on the remote server to port 443 on the machine with IP address 10.10.10.254
user@ssh_server | Username and hostname of the SSH server

[Screenshot: 2023-07-19_112905.png]

The SSH server forwards connections arriving on its port 8443 to port 443 on the local-area PC with IP address 10.10.10.254.

[Screenshot: 2023-07-19_112918.png]

The service on port 8443 can be accessed from the server-area PC.
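The bind-address note in the local forwarding section and the GatewayPorts caveat above decide which interface a tunnel endpoint listens on, which is the main exposure question when a tunnel is set up. The following Python helper is an added example, not code from this page or from OpenSSH: it parses a [bind_address:]port:host:hostport specification, works out the effective listen address under the rules documented in ssh(1) and sshd_config(5), flags endpoints that will accept connections beyond loopback, and assembles the matching ssh command line. The function names, the exposure check and the sample specifications are this example's own; it covers the three GatewayPorts values (no, yes, clientspecified) rather than only the "yes" case shown on the page.

```python
"""Helper for reasoning about where an ssh -L / -R forward will listen.
Added example; the function names and sample specs are this example's own."""
from __future__ import annotations

LOOPBACK = "127.0.0.1"
ALL_INTERFACES = "0.0.0.0"
# ssh(1): an empty bind_address or '*' means "listen on all interfaces"
WILDCARD_SPELLINGS = ("", "*", "0.0.0.0")


def parse_forward_spec(spec: str) -> dict:
    """Split '[bind_address:]port:host:hostport' (IPv4 addresses and hostnames
    only; bracketed IPv6 literals are not handled by this helper)."""
    parts = spec.split(":")
    if len(parts) == 3:
        bind, (port, host, hostport) = None, parts
    elif len(parts) == 4:
        bind, port, host, hostport = parts
    else:
        raise ValueError(f"bad forwarding spec {spec!r}")
    for p in (port, hostport):
        if not p.isdigit() or not 1 <= int(p) <= 65535:
            raise ValueError(f"bad port {p!r} in {spec!r}")
    return {"bind": bind, "port": int(port), "host": host, "hostport": int(hostport)}


def local_listen_address(spec: str, g_flag: bool = False) -> str:
    """Interface the ssh *client* binds for -L. Default is loopback; -g, an empty
    bind_address, '*' or 0.0.0.0 opens it on all interfaces; 'localhost' keeps loopback."""
    bind = parse_forward_spec(spec)["bind"]
    if bind is None:
        return ALL_INTERFACES if g_flag else LOOPBACK
    if bind in WILDCARD_SPELLINGS:
        return ALL_INTERFACES
    return LOOPBACK if bind == "localhost" else bind


def remote_listen_address(spec: str, gateway_ports: str = "no") -> str:
    """Interface sshd binds for -R, governed by the server's GatewayPorts option:
    'no' (the default) forces loopback even if the client sent a bind_address,
    'yes' forces all interfaces, 'clientspecified' honours the client's choice."""
    bind = parse_forward_spec(spec)["bind"]
    if gateway_ports == "no":
        return LOOPBACK
    if gateway_ports == "yes":
        return ALL_INTERFACES
    if gateway_ports != "clientspecified":
        raise ValueError(f"unknown GatewayPorts value {gateway_ports!r}")
    if bind is None or bind == "localhost":
        return LOOPBACK
    return ALL_INTERFACES if bind in WILDCARD_SPELLINGS else bind


def exposure_warning(kind: str, spec: str, **opts) -> str | None:
    """Return a warning when the tunnel endpoint will be reachable beyond loopback."""
    if kind == "L":
        listen = local_listen_address(spec, **opts)
    else:
        listen = remote_listen_address(spec, **opts)
    if listen == LOOPBACK:
        return None
    port = parse_forward_spec(spec)["port"]
    where = "the SSH client" if kind == "L" else "the SSH server"
    return f"port {port} on {where} will accept connections on {listen}, not just localhost"


def build_command(kind: str, spec: str, user: str, server: str, background: bool = False) -> list:
    """Assemble the ssh argv for a forward-only session (-N, optionally -f)."""
    if kind not in ("L", "R"):
        raise ValueError("kind must be 'L' or 'R'")
    parse_forward_spec(spec)  # validate before emitting anything
    return ["ssh", "-N"] + (["-f"] if background else []) + [f"-{kind}", spec, f"{user}@{server}"]


if __name__ == "__main__":
    # Constructed sample specs, mirroring the shapes used on this page.
    for kind, spec, opts in (("L", "8443:10.2.2.254:8006", {}),
                             ("L", "0.0.0.0:8443:10.2.2.254:8006", {}),
                             ("R", "8080:localhost:8000", {"gateway_ports": "yes"})):
        print(" ".join(build_command(kind, spec, "user", "10.2.2.2")),
              "->", exposure_warning(kind, spec, **opts) or "loopback only")
```

The useful property to notice is that the two sides are asymmetric: for -L the client's own flags decide the exposure, whereas for -R the server's GatewayPorts setting overrides whatever bind address the client asks for, so enabling "GatewayPorts yes" globally makes every remote forward on that server world-reachable, not just the one you intended.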


  3. Dynamic Port Forwarding:

    This creates a SOCKS proxy on the local machine that any application configured to use SOCKS can send its traffic through.

ssh -D local_port user@ssh_server
Example01:
ssh -N -D 8244 user@ssh_server
Option | Description
-D | Local SOCKS proxy port configuration
8244 | Local port the SOCKS proxy listens on
user@ssh_server | Username and hostname of the SSH server

i. Routing browser traffic through the SOCKS5 proxy using a browser plug-in (SwitchyOmega).

[Screenshot: 2023-07-18_133142.png]

[Screenshot: 2023-07-18_133219.png]

ii. Routing Linux terminal traffic through the SOCKS5 proxy

export http_proxy=socks5://127.0.0.1:8244
export https_proxy=socks5://127.0.0.1:8244

This tells applications that honour these variables to send their HTTP(S) connections through the specified SOCKS5 proxy server. Not every program accepts a socks5:// value here, so check the tool's own proxy documentation.

export ALL_PROXY=socks5://127.0.0.1:8244

This tells applications that honour ALL_PROXY to use the specified SOCKS5 proxy server for all of their connections, regardless of protocol.
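What ssh -D actually provides on port 8244 is an unauthenticated SOCKS5 (and SOCKS4) listener; an application pointed at socks5://127.0.0.1:8244 performs the RFC 1928 handshake on it before any payload is sent. The Python script below is an added example, not code from this page or from OpenSSH: it encodes and decodes the SOCKS5 greeting, CONNECT request and reply, and drives one complete exchange through a socketpair against a minimal stand-in proxy running in a thread. The function names, the stand-in proxy and the sample destinations are constructed for this example. The domain-name address type (ATYP 3) is what keeps name resolution on the far side of the tunnel; with curl that is selected by the socks5h:// scheme, while socks5:// resolves names locally before connecting, which leaks the destination names to the local resolver.

```python
"""SOCKS5 CONNECT handshake as an app performs it against ssh -D.
Added example; constants are from RFC 1928, names and samples are this example's own."""
from __future__ import annotations
import socket
import struct
import threading

SOCKS_VERSION = 0x05
METHOD_NO_AUTH = 0x00          # the only method ssh -D accepts
METHOD_NONE_ACCEPTABLE = 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4 = 0x01
ATYP_DOMAIN = 0x03
REP_SUCCEEDED = 0x00


def build_greeting() -> bytes:
    """Client hello: version 5, one method offered, 'no authentication'."""
    return bytes([SOCKS_VERSION, 1, METHOD_NO_AUTH])


def build_connect_request(host: str, port: int) -> bytes:
    """CONNECT request. A dotted IPv4 literal goes out as ATYP 1; anything else
    as ATYP 3 (domain name), so the proxy end of the tunnel does the lookup."""
    try:
        body = bytes([ATYP_IPV4]) + socket.inet_aton(host)
    except OSError:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("domain name too long for SOCKS5")
        body = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + body + struct.pack("!H", port)


def _parse_addr_port(data: bytes, off: int) -> tuple[str, int]:
    """Decode ATYP + address + port starting at offset off (IPv4 and domain only)."""
    atyp = data[off]
    if atyp == ATYP_IPV4:
        host, off = socket.inet_ntoa(data[off + 1:off + 5]), off + 5
    elif atyp == ATYP_DOMAIN:
        n = data[off + 1]
        host, off = data[off + 2:off + 2 + n].decode("idna"), off + 2 + n
    else:
        raise ValueError(f"unsupported ATYP {atyp:#x}")
    return host, struct.unpack("!H", data[off:off + 2])[0]


def parse_connect_request(data: bytes) -> tuple[str, int]:
    """Proxy-side view of a CONNECT request: (destination host, port)."""
    if data[0] != SOCKS_VERSION or data[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    return _parse_addr_port(data, 3)


def parse_reply(data: bytes) -> tuple[int, str, int]:
    """Client-side view of the reply: (REP code, bound address, bound port)."""
    if data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    host, port = _parse_addr_port(data, 3)
    return data[1], host, port


def socks5_connect(sock: socket.socket, host: str, port: int) -> tuple[str, int]:
    """Run the client side of the handshake on an open socket to the proxy."""
    sock.sendall(build_greeting())
    ver, method = sock.recv(2)
    if ver != SOCKS_VERSION or method != METHOD_NO_AUTH:
        raise ConnectionError(f"proxy rejected method selection: {ver:#x} {method:#x}")
    sock.sendall(build_connect_request(host, port))
    # 262 bytes is the longest SOCKS5 message; a production client reads exact lengths.
    rep, bnd_host, bnd_port = parse_reply(sock.recv(262))
    if rep != REP_SUCCEEDED:
        raise ConnectionError(f"CONNECT refused, REP={rep:#x}")
    return bnd_host, bnd_port


def _stand_in_proxy(conn: socket.socket, seen: list) -> None:
    """Minimal proxy side for the demo: accepts no-auth, records the destination,
    answers success. A real ssh -D would now open the outbound TCP connection."""
    greeting = conn.recv(257)
    offered = greeting[2:2 + greeting[1]]
    chosen = METHOD_NO_AUTH if METHOD_NO_AUTH in offered else METHOD_NONE_ACCEPTABLE
    conn.sendall(bytes([SOCKS_VERSION, chosen]))
    if chosen == METHOD_NONE_ACCEPTABLE:
        return
    seen.append(parse_connect_request(conn.recv(262)))
    conn.sendall(bytes([SOCKS_VERSION, REP_SUCCEEDED, 0x00, ATYP_IPV4])
                 + socket.inet_aton("127.0.0.1") + struct.pack("!H", 0))


def demo_round_trip(host: str, port: int) -> tuple[str, int]:
    """Drive one CONNECT exchange over a socketpair; return what the proxy saw."""
    client, proxy = socket.socketpair()
    seen: list = []
    worker = threading.Thread(target=_stand_in_proxy, args=(proxy, seen))
    worker.start()
    try:
        socks5_connect(client, host, port)
    finally:
        worker.join()
        client.close()
        proxy.close()
    return seen[0]


if __name__ == "__main__":
    # Constructed sample destinations: an IPv4 literal and an internal hostname.
    for dest in (("10.2.2.254", 8006), ("intranet.example", 443)):
        print("proxy saw CONNECT to", demo_round_trip(*dest))
```

Because the listener accepts any client that can reach port 8244 with no authentication at all, the -D port should stay bound to loopback (the default) unless a bind address is given deliberately; anything that can connect to it can use the SSH server as an exit point.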


Conclusion

SSH tunneling provides a powerful and flexible way to transfer data securely across an untrusted network. With it, we can reach remote resources securely and efficiently without worrying about eavesdropping or other threats on the path between the client and the SSH server.


Reference

-A Visual Guide to SSH Tunnels: Local and Remote Port Forwarding
-Building an encrypted proxy with an SSH tunnel and browsing through an external Linux server (SSH Tunnel 通道打造加密 Proxy,透過外部 Linux 伺服器上網)
-SSH Tunneling (Port Forwarding) explained in detail (SSH Tunneling (Port Forwarding) 詳解)