Monday, January 02, 2006

Simple OpenSSH Port Forwarding Tip

Recently I deployed a FreeBSD sensor on a client network. The only way I can access the sensor remotely is to use a Citrix client to connect to a Windows server. Then I use Putty to connect from the Windows server to my sensor. Argh. That is no fun.

Today I realized I should use port forwarding on OpenSSH. Here is what I do.

Connect using Citrix to the Windows server, and then use Putty to connect to the FreeBSD sensor.

On the FreeBSD sensor, use OpenSSH to connect to a system I control running an OpenSSH server. Call this box janney.taosecurity.com.

sensor$ ssh -R 2222:localhost:22 user@janney.taosecurity.com


On janney, connect to port 2222 on localhost. I am now on the remote sensor.

janney$ ssh -p 2222 user@localhost

That's it. Now I can enjoy an OpenSSH session, instead of an OpenSSH session inside a Citrix window.

Chapter 18 of Debian GNU/Linux 3.1 Bible clued me in to a more interesting scenario. Imagine three hosts, Alpha, Bravo, and Charlie. Alpha can talk to Bravo but not Charlie, and Charlie can talk to Bravo but not Alpha. Is there a way for Alpha and Charlie to talk directly to each other, through Bravo? With OpenSSH port forwarding, the answer is yes.

On host Alpha, run this command. It takes any input to port 2223 on Alpha and sends it to port 2222 on Bravo.

Alpha$ ssh -L 2223:localhost:2222 Bravo

On host Charlie, run this command. It takes any input from port 2222 on Bravo and sends it to port 22 on Charlie.

Charlie$ ssh -R 2222:localhost:22 Bravo

Finally, again on host Alpha (in a new terminal), to access Charlie from Alpha, run this command. By connecting to port 2223 on Alpha, the traffic is sent to port 2222 on Bravo, and from there to 22 on Charlie.

ssh -p 2223 localhost

This sort of access could be helpful when evading network access controls.
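For anyone auditing a host for tunnels like the ones above, here is an added example (not part of the original post) that pulls `-L` and `-R` forward specs out of ssh command lines such as those in `ps -eo args` output. The function name `find_forwards` and the sample input are constructed for illustration, and bracketed IPv6 addresses are assumed not to appear.

```shell
#!/bin/sh
# Added example: list port forwards requested on ssh client command lines.
# Reads one command line per line on stdin (for instance from `ps -eo args`).
# Prints: <local|remote> listen=<port> target=<host>:<port>

find_forwards() {
    awk '
    $1 == "ssh" || $1 ~ /\/ssh$/ {
        for (i = 2; i <= NF; i++) {
            if ($i == "-L" || $i == "-R") {
                # Separated form: -R 2222:localhost:22
                flag = $i; spec = $(i + 1); i++
            } else if ($i ~ /^-[LR]./) {
                # Attached form: -R2222:localhost:22
                flag = substr($i, 1, 2); spec = substr($i, 3)
            } else {
                continue
            }
            # Spec is [bind_address:]port:host:hostport, so the last three
            # colon-separated fields are always listen port, host, host port.
            n = split(spec, f, ":")
            if (n < 3) continue
            kind = (flag == "-L") ? "local" : "remote"
            printf "%s listen=%s target=%s:%s\n", kind, f[n-2], f[n-1], f[n]
        }
    }'
}

# Constructed sample input: the three commands from the Alpha/Bravo/Charlie
# scenario. The last one only sets a destination port, so it is not reported.
find_forwards <<'EOF'
ssh -L 2223:localhost:2222 Bravo
ssh -R 2222:localhost:22 Bravo
ssh -p 2223 localhost
EOF
```

A `remote` line means the listening port is opened on the SSH server side; a `local` line means it is opened on the client that ran the command.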

2 comments:

Anonymous said...

It's getting even better:

http://www.securityfocus.com/columnists/375

Anonymous said...

It's also been an excellent way to get data to and from a host behind a NAT box.