SSH Port Forwarding / SSH Tunneling
SSH tunneling creates a secure connection between a local computer (host machine) and a remote machine (target machine), through which we can relay many services over an encrypted connection. Three types of port forwarding are in common use: local, remote and dynamic. Local port forwarding lets you reach a service on another server through a port on your own computer. This guide covers what you need to know to get started.
First we need to install and set up SSH on your computer. Linux distros come with an SSH client preinstalled; however, you need to install an SSH server on the target machine so that it can accept requests from the host over SSH. Windows users can get PuTTY from here. We’ll take a look at Windows clients later. To set up an SSH server on a Linux machine (deb-based distros):
sudo apt-get install openssh-server
or for rpm based distros:
After the server is installed you may need to restart the service and you’re good to go. Try this from the host machine to access the server:
Go to line number 5. It should read as:
Just restart the service before trying again.
Local Port Forwarding
In this article I’ll only talk about Local Port Forwarding.
This forwards a port on your localhost to the targetPort on the target machine. If you need to connect to many hosts, I recommend creating aliases for them so you don’t have to type in the command every time, e.g.:
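One way to build the local-forward command and a matching host alias, as an added example that is not from the original post. The alias lives in `~/.ssh/config`, which is one way to do it, and the names `alice`, `jump.example.com` and `intranet` are constructed placeholders. The listener is pinned to 127.0.0.1 so other machines on your network cannot use the tunnel.

```shell
#!/bin/sh
# Added example; host, user and alias names below are constructed placeholders.

# valid_port N: succeed only if N is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# local_forward_cmd LOCAL_PORT TARGET_HOST TARGET_PORT USER@SERVER
# Prints the ssh command for a local forward. TARGET_HOST is resolved by the
# SSH server, so "localhost" means the server itself. -N opens no remote shell,
# and ExitOnForwardFailure makes ssh exit if the local port cannot be bound.
local_forward_cmd() {
    valid_port "$1" && valid_port "$3" || { echo "invalid port" >&2; return 1; }
    [ -n "$2" ] && [ -n "$4" ] || { echo "missing host" >&2; return 1; }
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$1" "$2" "$3" "$4"
}

# ssh_config_alias ALIAS SERVER USER LOCAL_PORT TARGET_HOST TARGET_PORT
# Prints a ~/.ssh/config stanza so that "ssh -N ALIAS" opens the same tunnel.
ssh_config_alias() {
    valid_port "$4" && valid_port "$6" || { echo "invalid port" >&2; return 1; }
    printf 'Host %s\n' "$1"
    printf '    HostName %s\n' "$2"
    printf '    User %s\n' "$3"
    printf '    LocalForward 127.0.0.1:%s %s:%s\n' "$4" "$5" "$6"
    printf '    ExitOnForwardFailure yes\n'
}

# Demo: local port 8080 -> port 80 on the SSH server itself.
local_forward_cmd 8080 localhost 80 alice@jump.example.com
ssh_config_alias intranet jump.example.com alice 8080 localhost 80
```

Review the printed stanza before appending it to `~/.ssh/config`; nothing in the script connects anywhere.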
Another interesting feature of SSH is that it can also forward graphical applications. To forward a GUI, we use X session forwarding with the -X option:
Once logged in, you may run any program on the remote machine and get its UI on your machine. However, it may not work for all programs and you may need to tweak some settings, e.g.:
Scaring off newbies
If you wish to display a warning message to scare off newbies, this is an interesting hack. But I’m warning you that it doesn’t protect you against any ‘pro’ attackers, so always be careful 😛
We’ll use a banner to display a warning message:
sudo vim /etc/ssh/sshd_config
Now go to Line number 72 and uncomment the line. It should now read as:
Now the message in issue.net will be displayed as the warning, so you may edit it directly:
Just don’t forget to restart the service and you’re good to go.
PuTTY for Windows
Select the connection type as SSH and enter the host IP and Port (22 mostly)
Browse to SSH -> Tunnels from the sidebar -> Remove the old forwarded port -> Add the new host address and the source port (see the image for reference)
You may save these settings for later. Just click on Open to establish a connection.
That would be all you should know about SSH Tunneling 🙂