What is Local SSH Tunneling?
What happens when local SSH tunneling occurs? Basically, the host and port values get translated to the host and port values of the remote end of the channel. In this way, a client application connects to the local endpoint of the channel, while the remote one is connected to the remote end accordingly.
Let’s now take an example of local SSH tunneling and see how effective it can be. Consider, for instance, that the company you work for intentionally blocks Facebook.com. With regular internet access, such a website cannot be reached by an innocent worker inside the company. However, such a restriction can be bypassed simply by creating an SSH tunnel.
If the machine used inside the company is named “work”, then let’s call the remote machine “home”. Now, “work” wants to connect to “home” via an SSH channel. Since the home machine will be used as a remote server for any services desired, it must have a public IP address to connect to in the first place. The following command should be executed on the work machine to establish the tunnel.
ssh -L 9001:facebook.com:80 home
Note that the previous snippet uses local port forwarding (“L”): the local port to be forwarded is 9001, while the remote host is Facebook.com. And of course, the remote port is 80, and it resides on the home machine. In general, the syntax could be typed as the following:
This means that the SSH client of the home machine gets connected to that of the work machine, which usually happens on port number 22. Port 9001 is bound on the work machine in order to listen for local requests.
Connecting to Facebook.com is then no longer the work machine’s business. It is in fact the home machine’s, since it will have to use port 80 to connect to Facebook.com. It is also essential to know that when the home machine connects to Facebook.com, it does so without any encryption.
Opening the link http://localhost:9001 in the browser on the work machine will now yield a connection to the home machine, through which Facebook.com gets loaded. Thinking about it this way, the remote device at home can simply be perceived as a gateway which facilitates the connection between the work machine and Facebook.com. The full general syntax then becomes the following.
ssh -L <local-port-to-listen>:<remote-host>:<remote-port> <gateway>
It is even possible to use a port on the home computer itself instead of connecting to an external host. The following syntax could be used in this case.
ssh -L 5900:localhost:5900 home
(Executed from ‘work’.)
A good question now is: what does this line do? A connection gets established to port 5900 on the home machine, where a VNC client could listen freely. Data of any kind can be transferred using this method; it is not only browsing sessions that can be transferred through such a tunnel.
Hence, with this method, SSH sessions can be tunneled as well. This is very effective when there is a banned computer that you want to create an SSH session with. Such a banned computer can be connected to through an SSH tunnel using local port forwarding. The forwarding is set up with the following command, and the data transferred between the work machine and the banned machine is encrypted.
ssh -L 9001:banned:22 home
And it is important to start the SSH service on port 9001, from where the session will get tunneled to the banned computer via the home machine.
ssh -p 9001 localhost
How can local SSH Tunneling be performed?
A good thing about local SSH tunneling is that a computer not connected to the internet can be communicated with through this method. While dynamic tunneling needs a SOCKS proxy in order to tunnel all the TCP traffic, local tunneling needs the IP address of the destination machine.
In the following lines, we will establish a connection between a remote PC and a local system on a different network. Let’s take the following five points for granted before we start:
- There is an SSH server which has two Ethernet interfaces.
- The local IP address is 192.168.1.217.
- The IP address of the remote machine is 192.168.1.219.
- The IP address of the 192.168.10.2 is connected to the local network system 192.168.10.2
- The IP address of the SSH client is basically 192.168.10.2
The following steps are to be followed to establish the local SSH tunnel:
1. Open the terminal and type the following command to get the network configuration:
2. The configuration of the SSH server should now show that there are two IP addresses connected:
192.168.1.217 and 192.168.10.1
3. The configuration of SSH server should also appear after typing the aforementioned command. The following IP address should appear as running as an SSH client:
4. When the remote PC with the IP address 192.168.1.219 attempts to connect to the SSH server with the IP address 192.168.1.217, it will log in to the server successfully through port 22.
5. However, if the same remote machine with the IP address 192.168.1.219 tries to connect to the SSH client with the IP address 192.168.10.2, a network error will appear since the two machines belong to different networks.
6. Let’s now use the PuTTY software to establish the SSH local tunnel.
7. Connect to the SSH server with the IP address 192.168.1.22 through port number 22.
8. Navigate to the left column, “Category”, and choose “SSH”, under which “Tunnel” should be clicked.
9. Then, in “Source port”, type 7000, for instance.
10. Then, in “Destination”, type 192.168.10.2:22.
11. Click on “Local”, then press “Add”.
12. After that is done, press “Open”.
13. Now, the connection between the remote PC and the SSH server should be on.
14. Open the PuTTY software again, or just a new window of it.
15. Under “Host Name (or IP address)”, type the host name; for example, just type “localhost”.
16. Under “Port”, type “7000”, which we configured before.
17. Now, trying to connect to the SSH client will yield a connection with no network error. This will be performed successfully. Congratulations!!
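The forward specifications used in both parts of this article (the `ssh -L 9001:...` commands and the 7000 to 192.168.10.2:22 tunnel from the PuTTY steps) can be read back out of ssh command lines, for example when reviewing process listings for tunnels. This is an added example, not code from the original article; the function names and report format are assumptions, and the 0.0.0.0 line in the sample input is constructed.

```shell
# Added example: list the local forwards (-L) found in ssh command lines.
# Assumes [bind:]port:host:hostport specs (no bracketed IPv6), -L not bundled (-NL).
is_port() { case $1 in ''|*[!0-9]*) return 1 ;; esac; [ "$1" -le 65535 ]; }

# parse_forward SPEC GATEWAY DEFAULT_BIND -> one report line, or status 1
parse_forward() {
    gw=$2; bind=$3
    old_ifs=$IFS; IFS=:; set -f
    set -- $1                      # split the spec on ':'
    set +f; IFS=$old_ifs
    case $# in
        3) lport=$1; host=$2; hport=$3 ;;
        4) bind=${1:-*}; lport=$2; host=$3; hport=$4 ;;  # empty bind = all interfaces
        *) return 1 ;;
    esac
    is_port "$lport" && is_port "$hport" || return 1
    case $bind in localhost|127.*|::1) exposure=loopback ;; *) exposure=network ;; esac
    echo "listen=$bind:$lport dest=$host:$hport via=$gw exposure=$exposure"
}

# audit_cmdlines: one command line per stdin line, one report line per -L
audit_cmdlines() {
    while IFS= read -r line; do
        set -f; set -- $line; set +f
        [ "${1##*/}" = ssh ] || continue
        shift; specs=; gateway=; defbind=localhost
        while [ $# -gt 0 ]; do
            case $1 in
                -L) [ $# -ge 2 ] && { specs="$specs $2"; shift; } ;;
                -L?*) specs="$specs ${1#-L}" ;;
                -g) defbind='*' ;;  # -g lets other hosts use the forwarded port
                -[BbcDEeFIiJlmOopQRSWw]) [ $# -ge 2 ] && shift ;;  # option with a value
                -*) ;;
                *) [ -n "$gateway" ] || gateway=$1 ;;  # first bare word = gateway
            esac
            shift
        done
        for s in $specs; do parse_forward "$s" "$gateway" "$defbind" || echo "unparsed=$s"; done
    done
}

# Constructed input: the article's commands plus one explicit-bind variant.
audit_cmdlines <<'EOF'
ssh -L 9001:facebook.com:80 home
ssh -p 9001 localhost
ssh -L 7000:192.168.10.2:22 192.168.1.217
/usr/bin/ssh -N -L 0.0.0.0:5900:localhost:5900 home
EOF
```

In the report, `dest=` is resolved and connected to by the gateway, not by the machine running ssh, and `exposure=network` marks a listener that other hosts on the local network can reach.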