Posts Tagged ‘SSH’

What is Remote SSH Tunneling

Posted: 07/09/2019 in Uncategorized

There are two different ways to make an SSH tunnel: local and remote port forwarding. This post covers remote SSH tunnelling. Imagine that you work for a company with plenty of internal websites that are available only inside the company network, and you need to reach these websites from a remote machine outside that network. What could be the solution?

A VPN into the company network would suit this situation. That solution, though, requires setup work that may be out of your hands and cannot be done at the moment. Creating a reverse (remote) SSH tunnel is the perfect choice in this case.

The command is executed on the work machine and connects to the remote device, which we will call the home machine. The connection should consider the home machine as a client and the work machine as the remote SSH server. Why should the configuration be done on the work machine in the first place? Because outbound traffic is allowed while incoming traffic is blocked.

The following command will work perfectly for the desired solution:
ssh -R 9001:intra-site.com:80 home (Executed from 'work')

Note that the snippet uses remote port forwarding (the -R option). The port to be forwarded is 9001 on the home machine, and the destination host is intra-site.com. The port to which forwarding happens is 80, and the connection to it is made from the work machine. All requests from the home machine to port 9001 now travel through the work machine and lead to a connection to that internal website.

On the home machine, typing the following URL simply opens the website from home, with no magic: http://localhost:9001

It is important to note that the traffic between the work machine and the internal site is not encrypted by the tunnel, while the connection between the work machine and the home machine is encrypted by the SSH channel.

How can remote HTTP Tunneling be performed using SSH? 

A remote SSH connection is established between a home machine and a work machine that can connect to the internal office server and any website on it. Documents on those sites can then be read on the home machine through the remote SSH tunnel.

A remote forward of port 8080 enables anybody on the remote server to connect to TCP port 8080 on the remote server. The connection is then tunnelled back to the client host, and the client at that point makes a TCP connection to port 80 on localhost. Any other hostname or IP address could be used instead of localhost to indicate the host to connect to.

In the following walkthrough, an HTTP connection is established between a remote PC and a client, where the two machines do not belong to the same network. Take the following five points for granted before we start:

  1. There is an SSH server which has two Ethernet interfaces.
  2. Its local IP address is 192.168.0.116
  3. The IP address of the remote system is 192.168.0.100, and it resides outside of the client's network.
  4. The server's other IP address, 192.168.10.1, is connected to another local network system with the IP address 192.168.10.2
  5. The Ubuntu client has the following IP address: 192.168.10.2

The following steps are to get followed for the sake of establishing the Remote SSH tunnelling:

  1. Open the terminal and type the following command to get the network configuration:
    ifconfig
  2. The configuration of the SSH server should show two IP addresses:
    192.168.0.116 and 192.168.10.1
  3. The same command on the Ubuntu machine, which acts as the SSH client, should show the following IP address:
    192.168.10.2
  4. On the remote desktop, the command prompt (cmd) can be used to find its IP address, which in our case is:
    192.168.0.100
  5. Because this case uses HTTP tunnelling, the service runs on port 80 of the XAMPP server at localhost.
  6. If the website is WordPress, it also works on port 80.
  7. The SSH server can reach the website through the following URL:
    http://192.168.0.100/index.html
  8. That URL connects to the remote desktop. This only holds for devices on the same network; if they reside on different networks, the connection fails.
  9. Verify this by trying to open http://192.168.0.100/index.html on the Ubuntu client, which is on another network. The connection will not be established because the two machines are on different networks.
  10. Now use PuTTY to establish a connection between the remote desktop and the Ubuntu client.
  11. Under “Host Name (or IP address)”, type “192.168.0.116”.
  12. Under “Port”, type “22”, and choose “SSH” as the connection type.
  13. Navigate to “Tunnel”, under “SSH”, in the “Category” pane on the left of the screen.
  14. Under “Port forwarding”, tick the first option, “Local ports accept connections from other hosts”.
  15. Beside “Source Port”, type “7000”.
  16. Set “Destination” to “127.0.0.1:80”.
  17. Choose “Remote” as the forwarding type.
  18. Press “Add” to apply these changes.
  19. Finally, press “Open”.
  20. The connection between the remote PC and the Ubuntu client now happens in two consecutive stages. First, a connection between the remote PC and the SSH server is established. Then the server connects the remote desktop to the Ubuntu client.
  21. Browsing to http://192.168.0.116:7000/index.html now opens the WordPress website: the SSH server listens on port 7000 and the tunnel connects to the localhost of the remote desktop.
  22. The task is now done: the remote desktop and the Ubuntu client are connected.
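
Whether step 21 works from another host depends on the SSH server: assuming it runs OpenSSH sshd, a remote-forward listener binds to the server's loopback address unless GatewayPorts says otherwise. The following is an added example, not part of the original post, that reads an sshd_config and reports that exposure; the function names and the sample config are constructed for illustration.

```shell
# Added example (not from the original post). Assumption: only the global
# section before the first "Match" block is read; sshd keeps the first value
# it sees for each keyword.

# sshd_effective CONFIG KEYWORD DEFAULT: first global value, lowercased
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                  # comment line
        tolower($1) == "match" { exit }      # end of global section
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# remote_forward_exposure CONFIG: where an "ssh -R" listener may bind
remote_forward_exposure() {
    fwd=$(sshd_effective "$1" AllowTcpForwarding yes)
    gw=$(sshd_effective "$1" GatewayPorts no)
    case "$fwd" in
        no|local) echo "blocked"; return 0 ;;      # -R requests are refused
    esac
    case "$gw" in
        yes)             echo "all-interfaces" ;;  # reachable from other hosts
        clientspecified) echo "client-chooses" ;;  # client names the bind address
        *)               echo "loopback-only" ;;   # default: server localhost only
    esac
}

# Constructed sample config for the SSH server in the walkthrough.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
Port 22
#GatewayPorts yes
AllowTcpForwarding yes
Match User backup
    GatewayPorts yes
EOF
remote_forward_exposure "$cfg"
rm -f "$cfg"
```

A result of loopback-only matches the first example (http://localhost:9001 on the home machine); all-interfaces means every host that can reach the server can use the forwarded port.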


SSH: short for Secure Shell, SSH (developed by SSH Communications Security Ltd.) is a secure protocol for remote logins. Using an SSH client, a user can connect to a server to transfer information in a more secure manner than other methods, such as telnet. Below is an example of how an SSH session, which uses a command line interface, may look. SSH defaults to port 22.

Modify the SSH remote login port to 9999

# vi /etc/ssh/sshd_config
Port 9999
# service sshd restart

Add a port to the firewall

The default iptables rules open only port 22 for the SSH service; to use an additional port such as 9999, you need to add that port to the whitelist in iptables. If you don’t add this port, you will not be able to connect to the SSH server.

# iptables -I INPUT -p tcp --dport 9999 -j ACCEPT
# iptables -A INPUT -p tcp --dport 9999 -j ACCEPT
# service iptables save

You need to save the rules to the iptables configuration file:

iptables-save >/etc/sysconfig/iptables
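
The lockout described above can be checked for before sshd is restarted. The following is an added example, not part of the original post, that compares the Port lines of an sshd_config with the rules in an iptables-save file; the function names and sample data are constructed for illustration.

```shell
# Added example (not from the original post). Simplifications: only plain
# "-p tcp --dport N -j ACCEPT" rules on INPUT are recognised, and rule order
# (an earlier DROP or REJECT) is not evaluated.

# ssh_ports CONFIG: ports sshd will listen on (22 when no Port line is set)
ssh_ports() {
    awk 'tolower($1) == "port" { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# port_allowed RULES PORT: succeeds if an INPUT rule accepts TCP to PORT
port_allowed() {
    awk -v p="$2" '
        $1 == "-A" && $2 == "INPUT" {
            tcp = dport = acc = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport" && $(i + 1) == p) dport = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") acc = 1
            }
            if (tcp && dport && acc) ok = 1
        }
        END { exit !ok }' "$1"
}

# unreachable_ports CONFIG RULES: prints each sshd port with no ACCEPT rule
unreachable_ports() {
    for port in $(ssh_ports "$1"); do
        port_allowed "$2" "$port" || echo "$port"
    done
}

# Constructed sample data: sshd moved to 9999, firewall still only allows 22.
cfg=$(mktemp); rules=$(mktemp)
printf 'Port 9999\n' > "$cfg"
cat > "$rules" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
unreachable_ports "$cfg" "$rules"
rm -f "$cfg" "$rules"
```

On the system from the post the call would be `unreachable_ports /etc/ssh/sshd_config /etc/sysconfig/iptables`; any port it prints would be unreachable after the restart.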