SSH Tunneling







SSH tunneling is basically a way to let one system or service reach a remote system or service through an SSH connection.

What it means is:

I make a connection in one location and it is automatically forwarded, or tunneled, over SSH to a different location.

It allows us, for example, to get around things like firewalls that may restrict me, either in a hotel or at work, and wireless access points or other items that may be less secure or more restrictive.

It allows us to securely run a service that I might not otherwise be able to run.

Example: I can open a localhost connection that actually tunnels out to our remote host.

It is very easy to set up. We need a local host + local port and a remote host + remote port.

Local Machine:

[root@bharath bharath]# hostname
bharath.local.machine
[root@bharath bharath]#


Remote Machine (IP: 54.165.30.239):

[root@bharath bharath]# hostname
bharath.remote.machine
[root@bharath bharath]#

What I am going to do is connect locally to some other port (anything other than 22, let's say 22222) and have it automatically forwarded to the remote machine (bharath.remote.machine) on remote port 22 (the SSH port).

In summary: I connect to localhost port 22222, and in the background it actually connects to the remote machine on port 22.


[bharath@bharath3 ~]$ hostname
bharath.local.machine
[bharath@bharath3 ~]$

[bharath@bharath3 ~]$ ssh -f -L 22222:54.165.30.239:22 localhost -N

The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 0e:f0:fe:af:1d:7d:c9:38:1a:e0:98:17:07:ec:29:fa.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Password: XXXX

If you don't want to be asked for the password while tunnelling, do an SSH key exchange with yourself (localhost): generate a key and add it to localhost itself with ssh-copy-id, as below.

$ ssh-keygen
$ ssh-copy-id localhost


$ ssh -f -L 22222:54.165.30.239:22 localhost -N

-f ==> Puts ssh in the background once the connection has been set up.

-L ==> Local port forward: the local port to listen on (22222), then the remote machine IP (54.165.30.239, or the name of the host) and the remote port (22). The last argument is the system the SSH connection itself is made to, which in our case is localhost.

-N ==> Just says don't execute a command on the remote system.


That's it, the SSH tunnel is done. If you grep the process list for ssh you can see it, as below:


[bharath@bharath3 ~]$ ps aux | grep ssh
root       795  0.0  0.2  66620  1232 ?        Ss   09:24   0:00 /usr/sbin/sshd
root      1163  0.0  0.6  94180  4172 ?        Ss   09:26   0:00 sshd: bharath [priv]
bharath   1168  0.0  0.2  94180  1788 ?        S    09:26   0:00 sshd: bharath@pts/0
root      2526  0.0  0.6  94176  3796 ?        Ss   10:05   0:00 sshd: bharath [priv]
bharath   2531  0.0  0.1  60240  1004 ?        Ss   10:05   0:00 ssh -f -L 22222:54.165.30.239:22 localhost -N
bharath   2532  0.0  0.2  94176  1700 ?        S    10:05   0:00 sshd: bharath
bharath   2551  0.0  0.1 103248   948 pts/0    S+   10:11   0:00 grep --color=auto ssh
[bharath@bharath3 ~]$
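
The same check can be scripted. This is an added example, not part of the original post: it reads ps aux-style output and lists every ssh -L forward with its listening address, port and destination, marking listeners that are not bound to loopback only. The function names parse_forward and find_forwards, the sample lines and PID 2610 are constructed for illustration.

```shell
# Added example: report ssh -L forwards visible in `ps aux`-style output.
# Spec form: [bind_address:]port:host:hostport. Bundled flags (-fNL),
# bracketed IPv6 literals and Unix-socket forwards are not handled.
# parse_forward SPEC -> "bind port host hostport". With no bind address ssh
# listens on loopback by default; an empty one or "*" means all interfaces.
parse_forward() {
    old_ifs=$IFS; IFS=:; set -f
    set -- $1
    IFS=$old_ifs; set +f
    case $# in
        3) echo "localhost $1 $2 $3" ;;
        4) echo "${1:-*} $2 $3 $4" ;;
        *) return 1 ;;
    esac
}

# find_forwards: stdin is ps output; prints "user pid bind port host hostport"
# per forward, with EXPOSED appended when the listener is not loopback-only.
find_forwards() {
    while read -r user pid cpu mem vsz rss tty stat start etime cmd; do
        set -f; set -- $cmd; set +f
        [ "${1##*/}" = ssh ] || continue      # ssh client only, not sshd/grep
        shift
        while [ $# -gt 0 ]; do
            arg=$1; shift
            case $arg in
                -L)  [ $# -gt 0 ] || break; spec=$1; shift ;;
                -L*) spec=${arg#-L} ;;
                *)   continue ;;
            esac
            fwd=$(parse_forward "$spec") || continue
            case $fwd in
                localhost\ *|127.*) note= ;;
                *) note=" EXPOSED" ;;
            esac
            echo "$user $pid $fwd$note"
        done
    done
}

# Constructed sample modelled on the listing above; PID 2610 is invented.
sample_ps() { cat <<'EOF'
root       795  0.0  0.2  66620  1232 ?   Ss  09:24  0:00 /usr/sbin/sshd
bharath   2531  0.0  0.1  60240  1004 ?   Ss  10:05  0:00 ssh -f -L 22222:54.165.30.239:22 localhost -N
bharath   2610  0.0  0.1  60240  1004 ?   Ss  10:20  0:00 ssh -f -N -L0.0.0.0:33333:54.165.30.239:22 localhost
bharath   2551  0.0  0.1 103248   948 pts/0 S+ 10:11  0:00 grep --color=auto ssh
EOF
}
sample_ps | find_forwards
```

On a live host, feed it real data with: ps aux | find_forwards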



Let me connect using port 22222 as below and see what happens:


[bharath@bharath3 ~]$ hostname
bharath.local.machine

[bharath@bharath3 ~]$ ssh -p 22222 bharath@localhost
The authenticity of host '[localhost]:22222 ([127.0.0.1]:22222)' can't be established.
RSA key fingerprint is 1a:c1:1d:5d:6b:1a:c0:8d:71:ea:27:57:45:70:89:4f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:22222' (RSA) to the list of known hosts.
Password:XXXXX
Last login: Fri Nov 13 09:50:34 2015 from ec2-54-152-161-44.compute-1.amazonaws.com

       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2015.09-release-notes/
10 package(s) needed for security, out of 13 available
Run "sudo yum update" to apply all updates.

[bharath@bharath ~]$ hostname
bharath.remote.machine
[bharath@bharath ~]$



Tunnelling without being asked for a password:

[bharath@bharath .ssh]$ ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/bharath/.ssh/id_rsa):
/home/bharath/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/bharath/.ssh/id_rsa.
Your public key has been saved in /home/bharath/.ssh/id_rsa.pub.
The key fingerprint is:
53:71:1e:a3:4e:ac:1a:24:87:9a:a1:16:b1:b7:65:fc bharath@bharath.local.machine
The key's randomart image is:
+--[ RSA 2048]----+
| .        . +    |
|  o ..   . = o   |
| o..o+o   = .    |
| .o+++.  =       |
|..o.  .ES .      |
|.      o .       |
|      .          |
|                 |
|                 |
+-----------------+

[bharath@bharath .ssh]$ ssh-copy-id localhost

Password:
sudo: sorry, you must have a tty to run sudo
sudo: sorry, you must have a tty to run sudo
Now try logging into the machine, with "ssh 'localhost'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[bharath@bharath .ssh]$ ssh -f -L 33333:54.165.30.239:22 localhost -N
[bharath@bharath .ssh]$

Now just telnet to port 33333 as below; in the background it shows an OpenSSH connection only:

[bharath@bharath .ssh]$ hostname
bharath.local.machine


[bharath@bharath .ssh]$ telnet localhost 33333
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6.1

Now just connect to port 33333 from the local machine and you are automatically connected to the remote machine (54.165.30.239) on port 22, as below:


[bharath@bharath .ssh]$ ssh -p 33333 bharath@localhost
Password:
Last login: Fri Nov 13 10:35:31 2015 from ec2-54-152-161-44.compute-1.amazonaws.com

       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2015.09-release-notes/
10 package(s) needed for security, out of 13 available
Run "sudo yum update" to apply all updates.
[bharath@bharath ~]$ hostname
bharath.remote.machine
[bharath@bharath ~]$

The main use of SSH tunnelling is:

Now I can use the tunnelled system (i.e. bharath.remote.machine) as a gateway from my local network to another remote network.
So if I have other clients that I want to use, I can ssh into this server (the tunnelled machine, i.e. bharath.remote.machine) on port 33333 and connect through it to my other remote host.
So all the traffic appears to go to and from port 33333 on my local network, between my client and this particular server (the tunnelled machine, i.e. bharath.remote.machine), but it is actually being forwarded to another remote host.

SSH tunnelling is a way to bypass certain types of restrictions.

I can set this up for home, for example, so that I could have SSH listening on port 80 to restrict port 22 ;)

For example: ssh -f -L 80:<<HOME_IP>>:22 localhost -N

and then:

[bharath@bharath .ssh]$ telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6.1







