SSH Tunneling and Proxying

Introduction:

SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.

Secure Shell provides strong password authentication and public key authentication, as well as encrypted data communications between two computers connecting over an open network, such as the internet.

SSH tunneling is a method of transporting arbitrary networking data over an encrypted SSH connection. It can be used for numerous reasons mainly to add encryption to legacy applications, to be used as virtual private network and access intranet services across firewalls. It also provides a way to secure the data traffic of any given application using port forwarding, basically tunneling any TCP/IP port over SSH. This means that the application data traffic is directed to flow inside an encrypted SSH connection so that it cannot be eavesdropped or intercepted while it is in transit.

Prerequisites:

  1. SSH server listening for SSH connections, (X11Forwarding must be enabled, you can check it in sshd config file)
  2. SSH client to forward traffic from a local listening port, through the SSH server, to the application server
  3. Destination server offering services (http, vnc, etc.)

The SSH server and the destination server can be on the same machine or on different machines accessible via network. Below diagram depicts the SSH server and the application servers are on different machine and connected on network and the client machine is accessing the SSH server via internet.

"ssh tunnel scenario" described where ssh client is used to access ssh server and then tunneling is used to access vnc server using ssh tunnel
ssh client is connected to ssh server via ssh over unsecured network. VNC Server is connected to ssh server via LAN

Let’s create a setup where client wants to connect to a service that does not natively use encryption but does not want the traffic to be sent unencrypted through the Internet. The environment for this scenario is as below.

SSH server: SSH is listening on port 22 at IP address 192.168.1.1

Destination server: VNC service is listening on port 5900 at IP address 192.168.1.2

Client machine: SSH and VNC clients installed

Creating Tunnel using PuTTY:

  1. Open the PuTTY client user interface
  2. In the Session window, under “Basic options for your PuTTY session”, enter the IP address and listening port for the SSH server as can be seen in the below image:
putty is used to access ssh server 192.168.1.1
PuTTy accessing ssh server over IP 192.168.1.1

3. In the left pane, select Connection->SSH->Tunnel

ssh tunnel using putty by selecting SSH and then Tunnels
select SSH —> Tunnels

4. Under “Options controlling SSH port forwarding”, enter the following settings.

5. Source port: Pick an arbitrary port, not in use on your client; the example uses 1590.

6. Destination: IP address and listening port for the destination server, 192.168.1.2:5900.

Options controlling ssh port forwarding using putty
enter source port 1590, and Destination 192.168.1.2:5900

7. Leave “Local” and “Auto” radio buttons selected.

8. Click “Add” to save these settings.

9. Click “Open” to create the SSH tunnel. Enter your username and password for the SSH server when prompted.

Creating SSH tunnel using OPENSSH:

SSH tunnel can be created using below command using OPENSSH client.

ssh -L 1590:192.168.1.2:5900 192.168.1.1

Here  -L 1590  indicates the Local Port

192.168.1.2:5900 indicates the IP and port of the destination server

192.168.1.1 Indicates the SSH server IP address

After entering the command login using your credentials to the SSH Server.

Connecting the VNC service using SSH Tunnel:

After successful login to the SSH Server configure your VNC Client to login to the destination server using Local port.

Use the local Loopback address 127.0.0.1 and port 1590

vnc viewer used to connect to vncserver, in this case vnc viewer is accessing the vncserver using ssh tunnel
VNC Viewer: enter IP as local loopback 127.0.0.1 and port 1590

The example showed the tunneling for VNC port, the same settings can be used to access any service by changing the ports and IPs.

SSH Reverse Tunneling:

Reverse tunneling is sort of the same but in this case the destination server can use the tunnel to access services hosted at the source network or machine itself.

Lets consider an example,

Suppose you have a server on a remote network behind a firewall and only SSH (port 22) is open from the remote network to your network, but you want to access a http service running on port 80 hosted on your linux box.

For scenarios like this Reverse tunneling is handy, lets see below how to do it securely and easily.

Use below command on your Linux Box where your http service is hosted…

ssh -R 180:localhost:80 root@192.168.1.1

Where -R 180:localhost  is the remote port and IP / hostname (will be used by the remote server to access the http service)

And  root@192.168.1.1 is the IP and username of the remote server from where you will want to access your web service

SSH Reverse Tunneling explains scenario of firewall blocking the web port but accessing it through ssh reverse tunnel
Firewall is restricting the ports between ssh client and ssh server

After entering the command login with the credentials,

Now you can access your webserver from the remote server.

Accessing web service using links from the links bash terminal
webserver is now accessible, despite port 80 is blocked on firewall

There are can be a lot of scenarios where SSH Tunneling and reverse tunneling can be used to access the inaccessible too 🙂 with the ease and security of ssh behind it.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest articles

x