SSH tunneling and port forwarding and Intranet penetration

Source: Internet
Author: User
Tags free ssh ssh server

As we all know, SSH is a secure transmission protocol, which is used on many connected servers. However, in addition to this function, its tunnel forwarding function is even more attractive. The following are some of my experiences with your actual operations based on your needs and the information you find online.
SSH/plinkCommand basic information:
Ssh-C-f-N-g-L listen_port: DST_Host: DST_port user @ Tunnel_Host
Ssh-C-f-N-g-R listen_port: DST_Host: DST_port user @ Tunnel_Host
Ssh-C-f-N-g-D listen_port user @ Tunnel_Host
Description of related parameters:
-F Fork into background after authentication.
The user/password for background authentication, usually used with-N. You do not need to log on to the remote host.
-L port: host: hostport
Forward a port of the Local Machine (client) to the specified port of the remote specified machine. the working principle is as follows: a socket listening port is allocated on the local machine. Once a connection is established on the port, the connection is forwarded through a secure channel, at the same time, the remote host establishes a connection with the host's hostport. you can specify port forwarding in the configuration file. only the root user can forward the privileged port. description of IPv6 address in another format: port/host/hostport
-R port: host: hostport
Forward a port of the remote host (server) to the specified port of the local host. the working principle is as follows: a socket listening port is assigned to the remote host. Once a connection is established on the port, the connection goes through the secure channel, establish a connection between the local host and the host's hostport. you can specify port forwarding in the configuration file. only the root user can log on to the remote host to forward the privileged port. description of IPv6 address in another format: port/host/hostport
-D port
Specifies a Local Machine "dynamic'' application port forwarding. the working principle is as follows: a socket listening port is allocated on the local machine. Once a connection is established on the port, the connection is forwarded through a secure channel, based on the application protocol, you can determine where the remote host will be connected. currently, the SOCKS4 protocol is supported and will act as the SOCKS4 server. only the root user can forward the privileged port. you can specify dynamic port forwarding in the configuration file.
-C Enable compression.
Compressed data transmission.
-N Do not execute a shell or command.
Do not execute scripts or commands, usually used with-f.
-G Allow remote hosts to connect to forwarded ports.
In the-L/-R/-D parameter, the remote host is allowed to connect to the forwarding port established. If this parameter is not added, only the local host is allowed to establish a connection. Note: This parameter does not seem to work in practice.
Example of creating a local SSH Tunnel
Before we plan to establish a local SSH tunnel, we must understand the following data:
1. IP address of intermediate server d
2. IP address of server c
3. Access the port of server c
Now, let's take the figure above into detail and add IP addresses to these machines. The following figure shows our plan:
 
1. Access the FTP service of 234.234.234.234, that is, port 21.
2. The intermediate server is 123.123.123.123.
Now we use the following command to achieve our goal.
1. ssh-N-f-L 212:234. 234.234.234: 21 123.123.123.123
2. ftp localhost: 2121 # access the local port 2121 to connect to port 21 of 234.234.234.234.
Here we use the three parameters of the SSH client. Here we will explain them one by one:
·-N tells the SSH client that no command is required for this connection. Only port forwarding
·-F tells the SSH client to run in the background
·-L local ing port. The three parts separated by colons are described as follows:
· Local port number to be used
· IP address of the target machine to be accessed (IP: 234.234.234.234)
· Target machine port to be accessed (Port: 21)
· The last parameter is the IP address of the intermediate machine we used to establish the tunnel (IP: 123.123.123.123)
Let's repeat the-L parameter behavior. -L x: Y: Z indicates that port Z of the machine whose IP address is Y is mapped to port X of the local machine through the intermediate server.
After the command is successfully executed, we have the ability to bypass the company's firewall and successfully access one of our favorite FTP servers.
How to Establish a remote SSH Tunnel
By establishing a local SSH tunnel, we successfully bypassed the firewall and began to download FTP resources. What should we do if we want to check the download progress while we are at home? Most companies access the Internet through routers, and internal machines in the company are not directly connected to the Internet, that is, they cannot access the Internet directly. It is impossible to access machine a in the company through the line D-B-A. Maybe you have noticed that although the D-B-A connection in this direction does not work, but the A-B-D connection in this direction is no problem. So, can we use a connection that has been connected to the A-B-D direction of access to complete the D-B-A direction? The answer is yes. This is the purpose of the remote SSH tunnel.
Like local SSH, we need to know the following parameters before establishing a remote SSH tunnel:
· IP address of the remote machine that needs to access the internal machine (123.123.123.123)
· IP addresses of internal machines that need remote access (the IP address is 127.0.0.1 because the local machine is mapped out)
· The port number of the internal machine to be accessed by the remote machine (Port: 22)
After clarifying the above parameters, we can use the following command to establish a remote SSH tunnel.
1. ssh-N-f-R 2222:127. 0.0.1: 22 123.123.123.123
Now, we can use the following command on the machine whose IP address is 123.123.123 to log on to the host whose IP address is 192.168.0.100.
1. ssh-p 2222 localhost
-N and-f parameters are described in the local SSH tunnel. Here we will focus on the parameter-R. The three parts of this parameter are described as follows:
· Port used by remote machines (2222)
· IP address of the internal machine to be mapped (127.0.0.1)
· Port of the internal machine to be mapped (22)
For example,-r x: Y: Z maps the Z port of our internal Y machine to the X port of the remote machine.
Several tips for creating an SSH Tunnel
Automatic Reconnection
The tunnel may be disconnected for some reason, for example, the machine is restarted and the router is cut off without data communication for a long time. Therefore, we can use a program to control the reconnection of the tunnel. For example, a simple loop or djb's daemontools. No matter which method is used, we should avoid program freezing due to password input during reconnection. For more information about how to securely avoid password input, see how to implement secure password-free ssh login. Note that if you use another program to control the tunnel connection, you should avoid placing the SSH client in the background for execution, that is, removing the-f parameter.
Persistent connection
Some routers will disconnect connections without communication for a long time. The TCPKeepAlive option of the SSH client can avoid this problem. It is enabled by default. If it is disabled, add-o TCPKeepAlive = yes to the ssh command.
Another method is to remove the-N parameter and add a command that regularly produces output. For example, top or vmstat. The following is an example of this method:
1. ssh-R 2222: localhost: 22 123.123.123.123 "vmstat 30"
Check tunnel status
Sometimes the tunnel gets stuck due to poor communication for some reasons. For example, the router is in the stalled state due to the large amount of data transmitted. In this case, the SSH client is stuck in the client instead of exiting. One solution is to use the ServerAliveInterval and ServerAliveCountMax options of the SSH client. ServerAliveInterval sends a request to the server for a response after the tunnel has no communication. If the server fails to respond after the ServerAliveCountMax request, the SSH client will automatically disconnect and exit, and give control to your monitoring program. The two options are set by adding-o ServerAliveInterval = n and-o ServerAliveCountMax = m during ssh. N and m can be customized.
How to bind a port to an external address
Using the above method, the mapped port can only be bound to the interface 127.0.0.1. That is to say, it can only be accessed by the local machine itself. How can other machines access this port? We can bind the mapped port to the 0.0.0.0 interface by adding the-B 0.0.0.0 parameter. You also need to enable the "GatewayPorts" option on the SSH server. It should be opened by default. If it is disabled, you can change GatewayPorts no to GatewayPorts yes in/etc/sshd_config to open it.
Create a SOCKS Server through an SSH Tunnel
If we need to use an intermediate server to access a lot of resources, it is obvious that ing is not a clever method (in fact, it is actually not used in this method ). Fortunately, the SSH client provides us with the ability to create a SOCKS Server through an SSH tunnel.
The following command creates a SOCKS Server through 123.123.123.123.
1. ssh-N-f-D 1080 123.123.123 # bind the port to 127.0.0.1
2. ssh-N-f-D 0.0.0.0: 1080 123.123.123.123 # bind the port to 0.0.0.0
SOCKS servers created through SSH use the SOCKS5 protocol. Pay special attention when setting a sos5 proxy for applications.
 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.