Understanding of SSH port forwarding (elite)

have been tangled up in what is Port forwarding, now write down your own understanding, and experiment with local ports, remote port forwarding

SSH (Secure shell, Security shell Protocol), The transfer of data on the SSH channel is encrypted, and each SSH connection performs a fingerprint check to confirm that the user is connected to the correct remote host, and if the data in the other protocol is forwarded over the SSH port, the SSH connection is the channel (tunnel) that is transmitted as the other protocol. This approach is also called SSH port forwarding or SSH tunneling.

Function: Encrypt data transfer, break firewall limit

Category: Local forwarding, remote forwarding, dynamic forwarding

One, local port forwarding

local forwarding in local refers to the local port forwarding to a port to another host, so that when our program connects to the local port, actually indirectly connected to a port on another host, When we send the packet to this port, the packet is automatically forwarded to the remote port.

Command syntax:ssh-l [Bind-address:]port:host:hostport server_address

Explanation: bind_address represents the IP (bound address) of the local host, which is for the system has more than one NIC, does not specify the default is 127.0.0.1

PORT: Local host Specifies the ports to listen on

Host: IP for remote host

Hostport: Specifies the port of the remote host, if the remote host is HTTP, is 80,ftp (21) ...

Server_address: The IP of the remote host, or another IP that can be accessed to the remote host (which we understand through experimentation)

There are several additional parameters to know:

-L: Specifies that the specified port on the local (client) host is forwarded to a given remote host and port

-N: Do not execute remote instruction

-F: Performed in the background

Experiment: Host A (192.168.31.100), Host B (192.168.31.150), Host C (192.168.31.163) three hosts

A, B, C can all be connected to each other

Execute command on Host A: # ssh-nf-l 192.168.31.100:7900:192.168.31.163:22 192.168.31.150

It is important to note that in this case we have selected 7900 port as the local listening port, when selecting the port number to note that the non-administrator account is not authorized to bind 1-1023 port, so generally choose a 1024-65535 and unused port number.

When we finish this command, we find that the terminal is unresponsive, because it is executed in the background, how do we know if port forwarding is turned on?

netstat-nt: List ports for TCP network data

NETSTAT-NTLP: List The network connection ports and PID that the system is listening on

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5B/66/wKioL1UIPAyCPiOxAANP64rkxog089.jpg "title=" QQ picture 20150314151110.png "Width=" "height=" 307 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" WIDTH:750PX;HEIGHT:307PX; " alt= "Wkiol1uipaycpioxaanp64rkxog089.jpg"/>

We found that host A's 7900 port has been monitored, is ssh (SSH is the customer service side) monitoring, and 192.168.31.150 (Host B) to establish an SSH tunnel, and we know that Host B and host C is capable of communication, we can access through host a port, in fact, is indirectly with Host B in Access, in order to effect we can use host C access to host A: (-P: is the specified remote port)

Execute on Host C: SSH 192.168.31.100-p 7900 (if there is no tunnel before, host C login Host A, the IP of the login must be host C IP, after the tunnel, through host a port and Host B tunnel, is host B in the login IP)

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/5B/6C/wKiom1UIRB3T1G7FAAK_ryI12JY748.jpg "title=" QQ picture 20150314151110.png "width=" 780 "height=" 231 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:780px;height:231px; " alt= "Wkiom1uirb3t1g7faak_ryi12jy748.jpg"/>

Above we speak of command syntax:ssh-l [Bind-address:]port:host:hostport server_address

Server_address can be different from host, or it can be the same

# ssh-nf-l 192.168.31.100 : 7900 : 192.168.31.163 : A 192.168.31.163

The above means that "192.168.31.100" and "192.168.31.163" establish an SSH tunnel,

As long as it is accessed by 192.168.31.100 the "port" of this host, it is equivalent to 192.168.31.163 the host is accessing

Experiment Two: Host C (192.168.31.163) does not allow host a access, but allows Host B access, through the SSH tunnel to achieve a access C

Build the environment: on Host C in order to not allow host a access, you can add a line in the/etc/hosts.deny configuration file: "sshd:192.168.31.100", plus the IP of host a can 650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M00/5B/67/wKioL1UIVrTD9YhWAACV5wBYp-0627.jpg "title=" qq picture 20150314151110.png "alt=" Wkiol1uivrtd9yhwaacv5wbyp-0627.jpg "/> the connection has been closed

Environment set up, we do on host a: ssh-nf-l 192.168.31.100:9000:192.168.31.163: 22 192.168.31.163

Tunnel has, we are denied access to host A on the execution: Ssh-p 9000 192.168.31.100 (meaning to connect host a 9000 port, and 9000 port and Host B is connected to a tunnel, when using host A's 9000 port access, is the Host B access, So host A is forbidden to access it anyway)

Finally, you need to be reminded that if you want to close an SSH tunnel, you can kill the related process with kill, and the specified connection will be closed when the tunnel is closed.

Second, remote port forwarding can be implemented to access the intranet

SSH Remote port forwarding:

Remote forwarding is similar to local, but the difference is that local forwarding is a port specified on the local host, and remote forwarding is a port that is specified on a remote host to forward connections to that port to the local port. Essentially, the difference is whether the port that needs to be forwarded is on the remote host or the local host mountain.

However, the command options used by remote forwarding are also different:

Ssh-r [Bind-address:]post:host:hostport server_address

It is important to note that:

BIND-ADDRESS specifies a remote host IP, not a native

PORT: Remote host Specifies the ports to listen on

Host: The hosts you need to access

Hostport: Specifies the port of the host being accessed

Server_address: remote host and who? Established the tunnel, specifying who

We all know the intranet through the router (SNAT) can access the external network, the outside network is inaccessible to the intranet, we use SSH to achieve access to the intranet, to build this environment, I first think of the VMware NAT mode, I set host C NAT mode

Host a:192.168.31.100 (External network)

Host b:192.168.31.150 (External network)

Host c:192.168.200.133 (intranet)

Execute command on Host C: Ssh-nf-r 192.168.31.150:9000:192.168.200.133:22 192.168.31.150

Netstat-nt:

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/5B/6D/wKiom1UIZ-KwaYHRAAESbIS9Jog454.jpg "title=" QQ picture 20150314151110.png "alt=" wkiom1uiz-kwayhraaesbis9jog454.jpg "/> Host C has established a tunnel with 192.168.31.150 (Host B)

At this point you do NETSTAT-NTLP on host C and there is no listening on the 9000 port, because you are on the other side of the host open a port, you need to perform NETSTAT-NTLP on Host B :

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5B/67/wKioL1UIaZmwEFpuAAG395uWnjI642.jpg "title=" QQ picture 20150314151110.png "width=" 780 "height=" 197 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" WIDTH:780PX;HEIGHT:197PX; " alt= "Wkiol1uiazmwefpuaag395uwnji642.jpg"/>

What do you mean, we found out, 127.0.0.1:9000? This refers to the machine, and does not arbitrarily specify an IP, so too dangerous, the back becomes sshd monitoring, is the SSH server, so we also called reverse tunnel.

On the external network Host B: Ssh-p 9000 127.0.0.1

The main no longer is SSH-P 9000 192.168.31.150, complete

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5B/6D/wKiom1UIbWrgWnbFAAMqHYooLYg837.jpg "title=" QQ picture 20150314151110.png "alt=" Wkiom1uibwrgwnbfaamqhyoolyg837.jpg "/>

This article is from "Xiao Xu" blog, please be sure to keep this source http://loopholes.blog.51cto.com/9445813/1621786

Understanding of SSH port forwarding (elite)