SSH Tunneling
From Notes
SSH tunneling is a piece of knowledge that any security professional should have under their belt. Here I will explain some rudimentary elements of SSH tunneling. The purpose of SSH tunneling is to provide a secure means of transporting data over a non-secure channel. In essence, SSH tunneling creates a VPN (Virtual Private Network).
SSH tunneling can be used to route any traffic from one computer to another, as long as there is an SSH server on one end and an SSH client on the other. An account with shell access on the SSH server is required to create the tunnel. One common use of SSH tunneling is to secure email transfers when the email server has no secure transport protocol in place. To avoid passing a username and password between the client machine and the mailserver in the clear, use SSH tunneling to encrypt all traffic. The following steps explain this concept:
1. First, set up the SSH tunnel between the local machine and the mailserver for POP3 and SMTP transport. Note the use of high port numbers, which allows the tunnels to be established by a non-privileged user (ports below 1024 require root):
ssh -L 52110:localhost:110 -L 52025:localhost:25 -l <username> -N mailserver
(The -l option takes the login name of your SSH account on the mailserver; -N tells ssh not to run a remote command, since only the forwards are wanted.) This command will prompt for a password, which is the password of the SSH account you are using to connect to the mailserver. To verify that the tunnels have been established, open another shell and use netstat to check that your machine is now listening on those two ports:
netstat -l --inet
2. Next, configure your mail client to check for mail on localhost port 52110 (POP3) and to send mail via localhost port 52025 (SMTP).
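As an added example (not part of the original notes), a small POSIX shell script that automates the verification step above: it reads the output of `netstat -l --inet` (or `ss -ltn`) and reports, for each forwarded port, whether a listener exists and whether it is bound to the loopback address only. A forward bound to 0.0.0.0 (which `ssh -g` or a `-L *:port:host:hostport` spec produces) is reachable by other hosts on the network, so it is flagged. The function names and the sample netstat output are my own constructions.

```sh
#!/bin/sh
# Added example, not from the original notes. Checks that the local forwards
# created by "ssh -L" are up and bound to the loopback address only.
# Input is the output of "netstat -l --inet" (or "ss -ltn"), read from stdin.

# Print the bind address of the TCP listener on port $1, or nothing if
# no listener on that port exists.
listener_addr() {
    awk -v p="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++) {
                # Local Address field looks like 127.0.0.1:52110 or 0.0.0.0:52110
                if ($i ~ (":" p "$")) {
                    addr = $i
                    sub(/:[0-9]+$/, "", addr)
                    print addr
                    exit
                }
            }
        }'
}

# Return 0 if port $1 is listening on loopback only, 1 if nothing is
# listening (tunnel not established), 2 if it is bound to another address
# and therefore reachable from other hosts.
check_forward() {
    addr=$(listener_addr "$1")
    case "$addr" in
        "")                          return 1 ;;
        127.0.0.1|"[::1]"|localhost) return 0 ;;
        *)                           return 2 ;;
    esac
}

# Constructed sample of "netstat -l --inet" output: the two mail forwards
# from the notes, plus a third forward that was (wrongly) bound to all
# interfaces.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:52110         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:52025         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:52143           0.0.0.0:*               LISTEN'

# Print a one-line verdict for port $1 using the sample above and return
# the check_forward status.
report_forward() {
    status=0
    printf '%s\n' "$SAMPLE_NETSTAT" | check_forward "$1" || status=$?
    case "$status" in
        0) echo "port $1: forward up, loopback only" ;;
        1) echo "port $1: no listener (tunnel not established?)" ;;
        2) echo "port $1: bound to a non-loopback address, reachable by other hosts" ;;
    esac
    return "$status"
}

# Against a live system, replace the sample with:
#   netstat -l --inet | check_forward 52110; echo $?
for port in 52110 52025 52143 110; do
    report_forward "$port" || true
done
```

The check accepts either netstat or ss output because both put the local address in the form address:port on lines marked LISTEN; it only looks at the address part, so a mail client pointed at localhost:52110 will reach the tunnel while a forward showing 0.0.0.0 or * deserves a second look at how the -L spec was written.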
Simplified
This command establishes a tunnel from the initiating machine (localhost) to the 'remote SSH server'. Whenever a connection is made on localhost to the 'listen port', it is forwarded through the 'remote SSH server' via SSH and on to the 'end point host' on the port specified by 'connect port'.
ssh -L <listen port>:<end point host>:<connect port> <remote SSH server>
Put another way: you are establishing an SSH session from the local machine to hostA, but every time you send data to portA on the local machine, a connection to hostB is opened on your behalf. The data is carried through the SSH session to hostA, which then forwards it to hostB on portB.
ssh -L portA:hostB:portB hostA
Note: data is only encrypted between the initiating machine and the remote SSH server. If the end point host is a different machine, traffic between the remote SSH server and that host is not encrypted. (In the mail example above the end point is localhost as seen from the mailserver, i.e. the mailserver itself, so nothing crosses the network in the clear.)
