chtefi
7/7/2017 - 11:47 AM

ssh tunneling

-L: local port forwarding

There is a database on postgres.prod that is only reachable through another server, extranet, which we can log into over ssh. Using that ssh server as an intermediate hop, we can connect to the db while being outside of the network!

# ssh -L 9999:postgres.prod:5432 extranet

This behaves like a normal ssh session: the tunnel stays up as long as we don't quit our session.

Now, from localhost, I can connect to localhost:9999. The packets flow through extranet and are then sent to postgres.prod:5432.

Awesome.

Note that it can also forward a port listening on the sshd machine itself, using localhost as the target:

# ssh -L 9999:localhost:5432 extranet

one local port to one remote port.

-R: remote port forwarding

The other way around: we want the remote server to have access to a service running on our local machine (it is still our local machine that connects to the server, not the server connecting to us).

$ ssh -R 9876:localhost:3000 osmc
osmc@osmc:~$ curl localhost:9876
<!doctype html>
...

In this case, while on osmc, I can connect to :9876, which serves my localhost:3000.

one remote port to one local port.

-D: create a local proxy to forward everything

It's possible to create a generic SOCKS proxy on localhost that will forward everything (to any host, on any port) through the other server.

$ ssh -D 9876 osmc
osmc@osmc:~$

This starts a SOCKS proxy listening on :9876 on localhost. Nothing more.

Now, any local application, or the whole system, can send all its requests through this proxy instead of its normal router/internet gateway (LAN settings: SOCKS server: localhost:9876).

For instance, to make only Chrome use it:

--proxy-server="socks5://localhost:9876"
--host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost"

--host-resolver-rules prevents DNS queries from leaking outside of the proxy (which is what happens by default) and makes them go through the proxy too. (In previous versions, 0.0.0.0 was used in place of ~NOTFOUND.)

one local port where a proxy is listening
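Each of the three forms above accepts an optional bind address in front of the spec ([bind_address:]port:host:hostport for -L/-R, [bind_address:]port for -D); omitted, the listener binds to loopback, while an empty address or * binds every interface and exposes the tunnel to other hosts. The script below is an added example, not part of the original post: it parses those specs and reports the exposure of the listening side, using the post's own specs plus two constructed wildcard ones (bracketed IPv6 bind addresses are not handled).

```shell
#!/bin/sh
# Added example (not from the original post): parse the listening spec that
# ssh -L / -R ([bind_address:]port:host:hostport) and -D ([bind_address:]port)
# accept, and report whether the listener is reachable only via loopback.

# ssh's meaning of a bind address: "localhost" => loopback only; an empty
# string or "*" => every interface; anything else => that one address.
classify_bind() {
  case "$1" in
    localhost|127.0.0.1|::1) echo loopback ;;
    ''|\*|0.0.0.0|::)        echo all-interfaces ;;
    *)                       echo "address:$1" ;;
  esac
}

# Print the bind address of an -L/-R spec ("localhost" when it is omitted,
# ssh's default for -L; for -R an omitted address also means loopback unless
# sshd's GatewayPorts setting forces the wildcard on the server side).
forward_bind() {
  IFS=: read -r a b c d <<EOF
$1
EOF
  if [ -n "$d" ]; then printf '%s\n' "$a"; else echo localhost; fi
}

# Print the bind address of a -D spec (omitted => localhost).
dynamic_bind() {
  b=${1%:*}
  if [ "$b" = "$1" ]; then b=localhost; fi
  printf '%s\n' "$b"
}

# forward_exposure -L|-R|-D spec  ->  "<opt> listens on <exposure>"
# -L and -D listen on the machine running ssh, -R listens on the sshd host.
forward_exposure() {
  case "$1" in
    -L|-R) bind=$(forward_bind "$2") ;;
    -D)    bind=$(dynamic_bind "$2") ;;
    *)     echo "unknown option $1" >&2; return 1 ;;
  esac
  echo "$1 listens on $(classify_bind "$bind")"
}

# The specs from the post, plus constructed ones with a wildcard bind address.
forward_exposure -L 9999:postgres.prod:5432          # -L listens on loopback
forward_exposure -R 9876:localhost:3000              # -R listens on loopback
forward_exposure -D 9876                             # -D listens on loopback
forward_exposure -L '*:9999:postgres.prod:5432'      # -L listens on all-interfaces
forward_exposure -D 0.0.0.0:9876                     # -D listens on all-interfaces
```

Once a tunnel is up, `ss -ltn` (or `netstat -ltn`) on the listening machine shows which address the forwarded port is actually bound to.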

-N: do not even give me a prompt!

Note that it's useful to add -N so that no remote shell or command is started at all: ssh just won't return and won't show a prompt, it only keeps the tunnel up (non-interactive mode).