How to perform Local SSH Tunneling?

How to secure an SSH connection?

What is Local SSH Tunneling?

SSH Tunneling

What happens when local SSH Tunneling occur? Basically, the host and port values get translated to the host and port values of the remote end of the channel. In this way, a client application gets connected to the local endpoint of the channel while the remote one becomes connected to the remote end accordingly.

Let’s now take an example of local SSH tunneling and let’s see how effective it could be. Consider for instance that the company which you work for intentionally blocks using Facebook.com. Therefore, with regular internet access, such website cannot be reached by an innocent worker inside the company. However, such restriction could be simply bypassed by creating an SSH tunnel.

If the machine used inside a company is named “work”, then let’s call the remote machine as “home”. Now, “work” wants to get connected to “home” via an SSH channel. For such home machine will be utilized as a remote server for any services desired, it must be having a public IP to connect to in the first place. The following code should be executed on the work machine for the sake of getting the tunnel established.

ssh -L 9001:facebook.com:80 home
Please note that in the previous code snippet shows that a local port forwarding is used “L” and the local port to be forwarded is 9001 while the remote host is Facebook.com. And of course, the remote port is 80, and it resides on the home machine. In general, the syntax could be typed as the following:

-L <local-port-to-listen>:<remote-host>:<remote-port>
This means that the SSH client of the home machine gets connected to that of the work machine which usually happens on the port number 22. Local requests on the work machine are listened to through the binding of port 9001 to do so.

Connecting to Facebook.com then is not of the work machine’s business anymore. It is now in fact of the home machine’s since it will have to use port 80 to get connected to Facebook.com. It is also essential to get to know that when the home machine connects to Facebook.com, it does so without any encryption.

Connecting now to the work machine into this link http://localhost:9001 on the browser will definitely yield a connection into the home machine where Facebook.com gets loaded. So, thinking about it this way, such remote device at home could be simply perceived as a gateway which facilitates the connection between the work machine and Facebook.com. The full general syntax snippet of code becomes like the following then.

ssh -L <local-port-to-listen>:<remote-host>:<remote-port><gateway>

SSH Tunneling

It is even possible that a port in the home computer could be used instead of getting connected to an external host. The following syntax could be used in this case.

-L 5900:localhost:5900 home (Executed from ‘work’)
A good question now is: what does such line of code do? A connection gets established to port 5900 on the home machine where a VNC client could listen freely. All data from any kind could be transferred using this method such that it is not the browsing sessions which are to be transferred through such a tunnel.

Hence, depending on such methodology, SSH sessions could be tunneled as well. This is very effective when there is a banned computer to create SSH session with. Such banned computer could be connected to the host through an SSH tunnel using local port forwarding. Such local port forwarding could be executed using the following command as encryption happens to the transferred data between the work machine and banned machine.

ssh -L 9001:banned:22 home
And it is important to start the SSH service on 9001 from where the session
will get tunneled to the banned computer via the home machine.

ssh -p 9001 localhost

How can local SSH Tunneling be performed? 

SSH Tunneling

A good thing about local SSH tunneling is that a computer not connected to the internet could be communicated with through this methodology. While dynamic tunneling needs SOCKS proxy in order to get all the TCP traffic tunneled, local tunneling needs the IP address of the destination machine.

Throughout the following lines, we will be establishing a connection between a remote PC and a local system of a different network. Let’s take the following five points for granted before we get to start essentially:

  1. There is an SSH server which is two Ethernet interface.
  2. The local IP address is 192.168.1.217,
  3. While the IP address of the remote machine is 192.168.1.219
  4. The IP address of the 192.168.10.2 is connected to the local network system 192.168.10.2
  5. The IP address of the SSH client is basically 192.168.10.2

 

The following steps are to get followed for the sake of establishing the Local SSH tunneling:

  1. Open the terminal and type the following command to get the network configuration:
    ifconfig
  2. The configuration of SSH server should now show that there are two IP addresses connected:
    192.168.1.217 and 192.168.10.1
  3. The configuration of SSH server should also appear after typing the aforementioned command. The following IP address should appear as running as an SSH client:
    192.168.10.2
  4. When the remote PC which has the IP address of 192.168.1.219 attempts to get connected to the SSH server having the IP address of 192.168.1.217, it will get a successful login inside server through port 22.
  5. However, if the same remote machine of the IP address of 192.168.1.219 tries to get connected to the SSH client of the IP address of 192.168.10.2, a network error will appear since both machines belong to a different network from the other one.
  6. Let’s now use of PuTTY software to get the SSH local tunneling established.

 

7. Get connected to the SSH server of the IP address of 192.168.1.22 through port number    22

8. Navigate to the left column of “Category” and choose “SSH” under which “Tunnel” should     be clicked on.

9. Then, inside the “Source port” type 7000 for instance.

10. Then, inside the “Destination” type 192.168.10.2:22

11. Click on “Local” then now press “Add”.

12. After it is done with the process. Press “Open”.

13. Now, the connection between a remote pc and an SSH server should be on.

14. Open the PuTTY software again or just a new window of it.

15. Under “Host Name (or IP address)” type a name for this hostname; for example, just       type “localhost”.

16. Under “Port” type “7000” which we configured before.

17. Now, trying to connect to the SSH client will yield a connection with no network error.        This will be performed successfully. Congratulations!!

Try Certified Ethical Hacker for FREE!!!https://infosecaddicts.com/course/certified-ethical-hacker-v10/

References

http://www.hackingarticles.in/beginner-guide-ssl-tunneling-dynamic-tunneling/

http://www.hackingarticles.in/perform-local-ssh-tunneling/

https://en.wikipedia.org/wiki/Tunneling_protocol

https://en.wikipedia.org/wiki/SOCKS

https://en.wikipedia.org/wiki/Comparison_of_proxifiers

https://en.wikipedia.org/wiki/TUN/TAP

http://www.hackingarticles.in/perform-remote-tunneling/

http://www.hackingarticles.in/beginner-guide-ssl-tunneling-dynamic-tunneling/

http://linux.byexamples.com/archives/115/ssh-dynamic-tunneling/

https://ypereirareis.github.io/blog/2016/09/19/ssh-tunnel-local-remote-port-forwarding/

https://coderwall.com/p/pmf0tw/understand-local-remote-and-dynamic-ssh-tunneling

http://www.hackingarticles.in/time-scheduling-ssh-port/

http://www.hackingarticles.in/web-server-exploitation-ssh-log-poisoning-lfi/

http://www.hackingarticles.in/metasploitable-3-exploitation-using-brute-forcing-ssh/

http://www.hackingarticles.in/secure-port-using-port-knocking/

https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/

https://en.wikipedia.org/wiki/RealVNC

https://nmap.org/

http://resources.infosecinstitute.com/metasploitable-2-walkthrough/#gref

https://www.vulnhub.com/entry/metasploitable-2,29/

https://github.com/rapid7/metasploitable3

Novice
$0
Join the infosec family! Your journey starts here. The free tier gives you limited access to our training materials.
Regular use
$49
This is the second tier that includes limited access to our training materials and to our exclusive lab.  
Risky use
$69
This third tier gives you all the luxuries of the Free use and more. You have access to self-paced classes.  
Monthly use
$89
This last tier gives you the Free, Social and Problem use for just $89 a month. Plus you will save $29!!!  

How to Perform Dynamic SSH Tunneling?

What is Dynamic SSH Tunneling?

One of the most effective SSH tunneling methods is the dynamic tunneling. Through such method, different remote destinations could simply get tunneled into. How does this actually happen? It actually utilizes one port for the sake of opening SOCKS service on it. Then, an application could depend on such port when sending its own traffic. The client side should get a SOCKS proxy created which gets utilized by an application to determine the destination of the traffic when it leaves the other end of the SSH tunnel. The following command is to be typed on the work machine.

ssh -D 9001 home (Executed from ‘work’)

It is important to understand the previous command very well. The “D” actually refers to the dynamic SSH tunneling. SSH here is used for the sake of creating SOCKS proxy which listens for all connections at port number 9001. All the requests then get routed towards work and home machines depending on the direction. Such connection happens through an encrypted SSH channel. For this, it is required to configure the browser to point to the SOCKS proxy at port 9001 at localhost.

How can SOCKS relate to SSH tunnels?
SSH Tunneling

In fact, SOCK5 represents a means to secure a connection between two remote devices where SSH is used to establish a connection between them both. So, what is the difference between SSH and SOCKS in this regard? Mainly in order to establish an SSH service or connection, it has to specify a specific port on a remote machine. However, SOCKS can allow an entire application to be run remotely through using the SOCKS proxy server which is local. Specifying a particular remote server or remote port to get connected into is no longer the case when dealing with SOCKS, which gives a comparably more freedom for its user.

Let’s consider now the case when an application does not support SOCKS in the first place! What could be the solution in such case? There is what is referred to as a proxifier. The idea behind such software is that it is a mere software program which opens the door for any other program to get connected through a proxy server even if such program does not support it. This is done by getting the network requests of such programs intercepted and modified before passing through the proxy server. In this manner, an application gets redirected into a local SOCKS proxy server. SSH is supported directed by some proxifiers such as Proxycap. This means that the need of an SSH client becomes vanished when using such a proxifier.

How can dynamic SSH Tunneling be performed? 

SSH Tunneling

Throughout the following lines, we will walk through the methodology to establish a connection between a remote machine and another local system residing on a different network. Let’s take the following five points for granted before we get to start essentially:

  1. There is an SSH server which is two Ethernet interface.
  2. The local IP address is 192.168.1.22
  3. While the IP address of the remote system is 192.168.1.21, residing outside of the network in the first place.
  4. The IP address of 192.168.10.2 is connected to another local network system of IP address of 192.168.10.2
  5. The SSH client has the following IP address: 192.168.1.21

 

The following steps are to get followed for the sake of establishing the Remote SSH tunneling. A remote machine having an IP address of 192.168.1.21 attempts to get connected to a local machine at work network of IP address 192.168.10.2. Such attempt gets denied due to the fact that there is a firewall block occurring against such incoming traffic. In order for a remote machine to get connected to a local machine inside a network, the remote machine will connect to an SSH server inside the network, which will forward the connection to an SSH client which is local inside the network. It is important in the first place that both the SSH client and SSH server have their SSH service activated on them.

  1. Open the terminal and type the following command to get the network configuration:
    ifconfig
  2. The configuration of SSH server should now show that there is two IP address connected:
    192.168.1.22 and 192.168.0.1
  3. The configuration of SSH server should also appear after typing the aforementioned command. The following IP address should appear as running as an SSH client on Ubuntu:
    192.168.10.2
  4. When the remote PC which has the IP address of 192.168.1.21 attempts to get connected to the SSH server having the IP address of 192.168.1.22, it will get a successful login inside server through port 22.
  5. However, if the same remote machine of the IP address of 192.168.1.21 tries to get connected to the SSH client of the IP address of 192.168.10.2, a network error will appear since both machines belong to a different network from the other one.
  6. Let’s use of PuTTY software to get the SSH local tunneling established.

 

7. Get connected to the SSH server of the IP address of 192.168.1.22 through port number  22

8. Navigate to the left column of “Category” and choose “SSH” under which “Tunnel” should be clicked on.

 

9. Then, inside the “Source port” type 7000 for instance.

10. Click on “Dynamic” then now press “Add”.

11. After it is done with the process. Press “Open”.

12 Now, the connection between a remote pc and an SSH server should be on.

13 Open the PuTTY software again or just a new window of it.

14 Under “Host Name (or IP address)” type “192.168.10.2”

15 Under “Port” type “22” for the SSH service

16 “Open” should be pressed now.

17 Open the previously used window of PuTTY again now.

18 Navigate to the left column of “Category” and choose “Connection” under which “Proxy” should be clicked on.

19 Then, inside the “Proxy type” select “SOCKS5”

20 Under “Host Name (or IP address)” type “127.0.0.1”

21 Under “Port” type “7000” which was previously configured.

22 Now, “Open” should be pressed.

23 Now, trying to connect to the SSH client will yield a connection with no network error. This will be performed successfully. Port 7000 is the used port in such methodology. Congratulations!!

Try Certified Ethical Hacker for FREE!!!https://infosecaddicts.com/course/certified-ethical-hacker-v10/

References

http://www.hackingarticles.in/beginner-guide-ssl-tunneling-dynamic-tunneling/

http://www.hackingarticles.in/perform-local-ssh-tunneling/

https://en.wikipedia.org/wiki/Tunneling_protocol

https://en.wikipedia.org/wiki/SOCKS

https://en.wikipedia.org/wiki/Comparison_of_proxifiers

https://en.wikipedia.org/wiki/TUN/TAP

http://www.hackingarticles.in/perform-remote-tunneling/

http://www.hackingarticles.in/beginner-guide-ssl-tunneling-dynamic-tunneling/

http://linux.byexamples.com/archives/115/ssh-dynamic-tunneling/

https://ypereirareis.github.io/blog/2016/09/19/ssh-tunnel-local-remote-port-forwarding/

https://coderwall.com/p/pmf0tw/understand-local-remote-and-dynamic-ssh-tunneling

http://www.hackingarticles.in/time-scheduling-ssh-port/

http://www.hackingarticles.in/web-server-exploitation-ssh-log-poisoning-lfi/

http://www.hackingarticles.in/metasploitable-3-exploitation-using-brute-forcing-ssh/

http://www.hackingarticles.in/secure-port-using-port-knocking/

https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/

https://en.wikipedia.org/wiki/RealVNC

https://nmap.org/

http://resources.infosecinstitute.com/metasploitable-2-walkthrough/#gref

https://www.vulnhub.com/entry/metasploitable-2,29/

https://github.com/rapid7/metasploitable3

Novice
$0
Join the infosec family! Your journey starts here. The free tier gives you limited access to our training materials.
Regular use
$49
This is the second tier that includes limited access to our training materials and to our exclusive lab.  
Risky use
$69
This third tier gives you all the luxuries of the Free use and more. You have access to self-paced classes.  
Monthly use
$89
This last tier gives you the Free, Social and Problem use for just $89 a month. Plus you will save $29!!!  

How to secure an SSH connection?

Quick Background about SSH:

SSH

SSH is actually a cryptographic network protocol. It works for the application layer of the Network suite. But what is it for then? It is mainly used for operation over a network which is not secured. Computer systems, for example, could be accessed remotely by users through such network protocol.

The architecture utilized by SSH protocol has the form of a client-server basis. An SSH server is connected to through an SSH client. While most of the applications support login through command-line and remote command execution, it has the ability to work for any network service as long as one of the two versions are used: SSH-1 and SSH-2.

Quick Background about PuTTY:

SSH

PuTTY on its own has no meaning, yet it is free and open-source software, In fact, it is a terminal emulator, serial console, and network file transfer application. Plenty of network protocols are supported through such application such as Secure Copy (SCP), Secure Shell, Telnet, Rlogin, and raw socket connection. Moreover, a serial port could be connected by PuTTY.

Netcat

SSH

Reading from and writing to a network connection through protocols like Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) are always considered a great step for both a security administrator or an attacker. Both of these categories of individuals utilize whatever data they get for an entirely different purpose than the other.

Netcat provides an efficient means of investigating a network from the back-end side –servers– and further establish any new connection inside networks using the protocols mentioned above. It has the capability to be run on its own or through scripts or other programs.

Kali Linux

ssh_kali

One of the most important security tools to understand and work very well is, in fact, Kali Linux. But let’s discuss its benefits in a nutshell.

⦁ Penetration testing and digital forensics always consider such tool as an essential one for their purposes.
⦁ It provides its user with a variety of tools and functions which are categorized into thirteen categories:
⦁ Information Gathering such as Dmitry
⦁ Vulnerability Analysis like Inguma
⦁ Tools for exploitation as Metasploit Framework
⦁ Wireless Attacks like WIFI Honey
⦁ Forensics such as Binwalk
⦁ Web Applications like Skipfish
⦁ Stress testing like FunkLoad
⦁ Sniffing and Spoofing as Wireshark
⦁ Password attacks like done by TrueCrack
⦁ Maintaining Access such as Intersect
⦁ Hardware hacking performed by dex2jar for instance
⦁ Reverse Engineering for which Apktool, for example, can be used
⦁ Reporting tools as MagicTree

How to setup an SSH server using port forwarding? 

ssh server

  1. Get the terminal opened and then inside it the following command should be simply typed to install an SSH server:
    sudo apt-get install openssh-server
  2. Get the SSH service started and running now through the following command:
    service ssh start
  3. It could be made sure of being working through the following command now:
    service ssh status
  4. Nmap should be used now inside Kali Linux’s terminal where scanning it could be performed through the next command:
    nmap -sV 192.168.1.17
  5. Such scanning shall show the port number 22 as an open port. PuTTY should be used now to configure such port. To accomplish such configuration successfully, the IP address should be typed under the “Host Name”. In addition, the port number should be set to be 22. It should be now selected and then “Open” should be clicked.
  6. Now, the password should be typed and then “Enter” should be pressed when done typing the password.

How can one secure an SSH connection?

ssh secure

  1. Get its service configured first of all.
  2. Let’s try port forwarding now. Open a file named ““sshd_config” which resides inside the following directory: computer>etc>ssh
  3. very port numbered 22 should be edited and altered into 2222 instead. This is basically done for the sake of forwarding SSH service from port 22 to port 2222.
  1. Nmap should be able to assure us of such forwarding using:
    nmap -sV 192.168.1.17
  2. An alternative way for the sake of such assurance depends on Telnet using the following command. This port will be shown whether it is open or not. Plus, the type of connection it is listening to will be displayed as well.
    telnet 192.168.1.17 2222
  3. Netcat could be also used for this sake of assurance using the following command. This will also display the current service running on port 2222.
    nc 192.168.1.17 2222

How to set SSH Connection using PGP Keys?

ssh pgp

  1. PuTTy key generator should be downloaded first of all and then installed.
  2. Get it open and then “Generate” should be clicked on now.
  3. A public key along with a private key will get generated. Get the private key saved for further reference. This is important. The file containing it could be renamed with any desired naming.
  4. Get the Linux terminal opened now and the following command should be typed now:
    ssh-keygen
  5. A folder called “.ssh” gets now created as a result of the previous command. Inside it, get a text file named “authorized_keys” created.
  6. Inside the same folder, a file named “ssh login key.ppk” should get copied.
  7. The .ssh folder should be now moved into inside the terminal. For this sake, the following command should be used.
    puttygen –L “ssh login key.ppk”
  8. This will yield in getting a key generated. The key should then get copied into the empty created with the authorized_keys.
  9. Inside PuTTY configuration, an Auto-login username should be entered under the Data section.
  10. The SSH login key which is essentially the private key could have its path changed under SSH>Auth.
  11. Both the IP address and the port number 2222 should now both be typed in their respected places under the Session tab.

 

12. Now, “Open” should be clicked, and then the password should be typed now and    “Enter” should be pressed through the keyboard.

alice

13. Getting the password entirely disabled will help improve the security level. This will enhance our security and stop us from being vulnerable by a hacking method of a  password. Opening “sshd_config” inside computer>etc could allow us to disable this aspect.

14. Inside this file, password authentication should be changed from yes to no. It is set by default as yes and the line is commented. So, uncommenting the line is important as well  in this step.

Try Certified Ethical Hacker for FREE!!!https://infosecaddicts.com/course/certified-ethical-hacker-v10/

References

http://www.hackingarticles.in/setup-ssh-pentest-lab/

http://www.hackingarticles.in/secure-ssh-port-using-port-forwarding-beginner-guide/

http://www.hackingarticles.in/perform-local-ssh-tunneling/

http://www.hackingarticles.in/time-scheduling-ssh-port/

http://www.hackingarticles.in/beginner-guide-ssl-tunneling-dynamic-tunneling/

Novice
$0
Join the infosec family! Your journey starts here. The free tier gives you limited access to our training materials.
Regular use
$49
This is the second tier that includes limited access to our training materials and to our exclusive lab.  
Risky use
$69
This third tier gives you all the luxuries of the Free use and more. You have access to self-paced classes.  
Monthly use
$89
This last tier gives you the Free, Social and Problem use for just $89 a month. Plus you will save $29!!!  

How to do SSH port forwarding on Windows?

What is port forwarding in the first place? 

At the time the packets traverse a network gateway like a firewall or a router, the communication request gets redirected from a combination of a specific address and a particular port number to another one. This is considered as an application of network address translation (NAT).  Such methodology is beneficial especially when dealing with a suspicious network or being on an insecure network.

In fact, the enhancement of security which such port forwarding implies lies in the fact that an attacker will not readily know such port forwarding since this happens on the internal side of a network gateway. In other words, an attacker will not be familiar easily with such network mapping which is configured on the firewall for some specific bunch of essential ports to other ports.

What to know about SSH?

ssh

SSH is actually a cryptographic network protocol. It works for the application layer of the Network suite. But what is it d for then? It is mainly used for operation over a network which is not secured. Computer systems, for example, could be accessed remotely by users through such network protocol.

The architecture utilized by SSH protocol has the form of a client-server basis. An SSH server is connected to through an SSH client. While most of the applications support login through command-line and remote command execution, SSH has the ability to work for any network service as long as one of the two versions are used: SSH-1 and SSH-2.

Know what is the purpose of port forwarding?

In fact, there is a plenty of applications where port forwarding works the best. Among such applications are:

  • In a private LAN where an HTTP server gets run.
  • In a private LAN between a host and from the internet through SSH connection.
  • A private LAN between a host and from the internet through FTP connection.
  • In a private LAN where a game server is run and available in public.

What about Windows and SSH? 

ssh

ssh

Windows is okay for SSH usage but with limited integrations. Unix-like operating systems can get access to shell accounts using SSH. Protocols like Telnet, Rlogin, rsh, and rexec was intended to get replaced by SSH when first came into existence.

The reason is that such protocols send valuable information such as passwords in a plain text format, which is completely insecure. Any packet analyzer has the ability to get such packets sniffed, and the password becomes easily accessible then.

The reason is that such protocols send valuable information such as passwords in a plain text format, which is completely insecure. Any packet analyzer has the ability to get such packets sniffed, and the password becomes easily accessible then.

Why is securing SSH port important? 

ssh

Hacking is very common, and it exploits any open port of a system. Does this mean that all the ports should get closed? Well, of course, the answer to this question is no because closing ports will not give a user the ability to even work on his or her computing device. So what is the solution then? It is to secure the used ports even when they are not closed. When using the SSH port, it is also important to get it secured as well.

OpenSSH and OSSH

ssh

For the sake of making the software free and available to get used without any cost, the older 1.2.12 release of the original SSH program was the starting point when it was an open source software version. In 1999, using the codebase of such version, Björn Grönvall’s OSSH got released.

OpenBSD developers then worked on developing and improving the code of Grönvall. The result was the successful OpenSSH, which shipped with the 2.6 release of OpenBSD. OpenSSH was then able to get ported onto other operating systems through what is referred to as a portability branch.

OpenSSH supported plenty of operating systems to the extent that back in 2005 it was the only SSH implementation running on several platforms. OSSH, on the other hand, came to vanish at the same time when OpenSSH got much more viral and popular.

Nmap

ssh

Network Mapper (Nmap) security scanner contained within itself another implementation of Netcat and granted it Ncat as a new name, where it represented another cross-platform the same as Nmap. This was back in 2005, and several features were added to it such as

⦁ It is allowed to redirect connections of TCP/UDP
⦁ Connection Brokering is also supported
⦁ Both from the server and the client sides are supported SOCKS4
⦁ Processes of Ncat has the ability to be chained
⦁ Proxy chaining is also aided by Ncat; this feature is often reoffered to as HTTP CONNECT proxying.
⦁ Even Secure Socket Layers (SSL) has the privilege to get listened to or connected to by Ncat
⦁ Filtration of Internet Protocol (IP) address/connection is also supported.

How to perform port forwarding to secure SSH port in Windows?

ssh

  1. Get the OpenSSH tool downloaded and then installed on your Windows machine.
  2. Make sure that port 22 is open. This can be performed using Nmap security tool. The following command will be helpful in our case:
    nmap 192.168.1.17
  3. Let’s consider that it is open and it is already listening to SSH service.
  4. Get the file named “sshd_config” opened now. This file could be found inside the following directory:
    my computer>local Disk(C:)>program files>OpenSSH>etc
  5. Port 22 will appear as the one which is listened to. Get it altered into 3221 for instance.

6. This means that port 3221 became the one listened to by SSH protocol instead of port     22.

7. Get back to the command prompt and get the SSH service restarted now on the machine to see the port. This could be simply done with the help of the following command. It will first stop the service then reopen it again.

C:\WINDOWS\SYSTEM32>net stop opensshd
C:\WINDOWS\SYSTEM32>net start opensshd

8. Nmap is able to get such action confirmed through its own scan as well. The following command should be used then.

nmap -A 192.168.1.17

9. Such scan shows the forwarded port clearly of 3221, making it still easy for attackers to get into the system.

Try Certified Ethical Hacker for FREE!!!https://infosecaddicts.com/course/certified-ethical-hacker-v10/

References

http://www.hackingarticles.in/setup-ssh-pentest-lab/

http://www.hackingarticles.in/secure-ssh-port-using-port-forwarding-beginner-guide/

https://en.wikipedia.org/wiki/Port_forwarding

Novice
$0
Join the infosec family! Your journey starts here. The free tier gives you limited access to our training materials.
Regular use
$49
This is the second tier that includes limited access to our training materials and to our exclusive lab.  
Risky use
$69
This third tier gives you all the luxuries of the Free use and more. You have access to self-paced classes.  
Monthly use
$89
This last tier gives you the Free, Social and Problem use for just $89 a month. Plus you will save $29!!!