Monday, January 02, 2006

Simple OpenSSH Port Forwarding Tip

Recently I deployed a FreeBSD sensor on a client network. The only way I can access the sensor remotely is to use a Citrix client to connect to a Windows server, and then use PuTTY to connect from the Windows server to my sensor. Argh. That is no fun.

Today I realized I should use port forwarding on OpenSSH. Here is what I do.

Connect using Citrix to the Windows server, and then use PuTTY to connect to the FreeBSD sensor.

On the FreeBSD sensor, use OpenSSH to connect to a system I control that runs an OpenSSH server. Call this box janney.taosecurity.com. The -R option asks janney's sshd to listen on port 2222 and to hand every connection it accepts there back through this session to port 22 on the sensor.

sensor$ ssh -R 2222:localhost:22 user@janney.taosecurity.com


On janney, connect to port 2222 on localhost. I am now on the remote sensor.

janney$ ssh -p 2222 user@localhost

That's it. Now I can enjoy an OpenSSH session, instead of an OpenSSH session inside a Citrix window. Two things to keep in mind: the forward lives only as long as the sensor's ssh session to janney does, so a tunnel meant to stay up is usually started with -N (no remote command) and -o ServerAliveInterval=60 so it survives idle periods; and ssh keys its known_hosts entry on the sensor's host key at localhost:2222, so forwarding a different host on that same port later will trigger a host key mismatch warning.

Chapter 18 of Debian GNU/Linux 3.1 Bible clued me in to a more interesting scenario. Imagine three hosts, Alpha, Bravo, and Charlie. Alpha can talk to Bravo but not Charlie, and Charlie can talk to Bravo but not Alpha. Is there a way for Alpha and Charlie to talk to each other, through Bravo? With OpenSSH port forwarding, the answer is yes, as long as both Alpha and Charlie can open SSH sessions to Bravo and Bravo's sshd permits TCP forwarding (AllowTcpForwarding yes, which is the default).

On host Alpha, run this command. It makes ssh listen on port 2223 of Alpha's loopback interface and carry every connection accepted there, inside the SSH session, to port 2222 on Bravo (localhost as seen from Bravo).

Alpha$ ssh -L 2223:localhost:2222 Bravo

On host Charlie, run this command. It makes Bravo's sshd listen on port 2222 of Bravo's loopback interface and carry every connection accepted there, inside Charlie's SSH session, to port 22 on Charlie.

Charlie$ ssh -R 2222:localhost:22 Bravo

Finally, again on host Alpha (in a new terminal), to access Charlie from Alpha, run this command. A connection to port 2223 on Alpha is sent to port 2222 on Bravo, and from there to port 22 on Charlie, so the host key and login prompt you see are Charlie's.

Alpha$ ssh -p 2223 localhost
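What the two forwards compose into, for both the janney example above and this three-host chain, shown as an added example that is not from the original post or from OpenSSH: a plain-TCP model in Python in which each relay() plays the part of one ssh forward. There is no SSH, no encryption and no sshd in it; the point is to make visible which socket listens where, and that every listener, like a default -R forward, is bound to loopback only. All names in it (pump, listen, serve, relay, echo_service, run_chain_demo) are this example's own, and the ports are picked by the OS rather than being 22, 2222 and 2223.

```python
# Added example, not code from the original post: a plain-TCP model of the
# Alpha -> Bravo -> Charlie chain.  Each relay() stands in for one ssh port
# forward; no SSH or encryption is involved.  All listeners are loopback-only
# and use OS-chosen ports, so the post's 2222/2223 are only labels here.
import socket
import threading


def pump(src, dst):
    """Copy bytes from src to dst until src hits EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def listen():
    """Bind a loopback-only listener on a free port, like sshd's default
    (GatewayPorts no) treatment of a -R forward."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    s.settimeout(0.2)  # lets the accept loop notice when the listener is closed
    return s


def serve(listener, handler):
    """Accept on listener in a background thread; each connection gets a thread."""
    def loop():
        while True:
            try:
                conn, _ = listener.accept()
            except socket.timeout:
                continue
            except OSError:        # listener closed: stop serving
                return
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()


def relay(listener, target):
    """One ssh forward: every client accepted on listener is joined to a
    fresh connection to target, with bytes copied in both directions."""
    def handle(client):
        try:
            upstream = socket.create_connection(target)
        except OSError:
            client.close()
            return
        back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
        back.start()
        pump(client, upstream)
        back.join()
        client.close()
        upstream.close()
    serve(listener, handle)


def echo_service(listener):
    """Stand-in for sshd on Charlie: echoes whatever arrives."""
    def handle(conn):
        pump(conn, conn)
        conn.close()
    serve(listener, handle)


def run_chain_demo(payload=b"hello from Alpha"):
    """Wire Charlie <- Bravo <- Alpha as in the post, push payload into
    Alpha's local port and return what comes back through the chain."""
    charlie = listen()                       # port 22 on Charlie
    echo_service(charlie)
    bravo = listen()                         # port 2222 on Bravo
    relay(bravo, charlie.getsockname())      # Charlie$ ssh -R 2222:localhost:22 Bravo
    alpha = listen()                         # port 2223 on Alpha
    relay(alpha, bravo.getsockname())        # Alpha$ ssh -L 2223:localhost:2222 Bravo
    try:
        # Alpha$ ssh -p 2223 localhost, with a raw byte stream instead of ssh
        with socket.create_connection(alpha.getsockname(), timeout=5) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)
            chunks = []
            while True:
                data = c.recv(4096)
                if not data:
                    break
                chunks.append(data)
        return b"".join(chunks)
    finally:
        for s in (alpha, bravo, charlie):
            s.close()


if __name__ == "__main__":
    print(run_chain_demo())
```

Run directly, it prints the payload after a round trip through all three stand-ins. With real hosts the same structure is the three ssh commands above: Bravo's sshd does the job of relay(bravo, ...) for the -R forward, and Alpha's ssh client does the job of relay(alpha, ...) for the -L forward, each inside an encrypted session.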

This sort of access could be helpful when evading network access controls: the only traffic on the wire is an ordinary outbound SSH session from Alpha to Bravo and another from Charlie to Bravo, and the Alpha-to-Charlie conversation never crosses the path the access control blocks. For the defender the lesson runs the other way. A host allowed to SSH to Bravo can reach anything Bravo can reach through forwarding, so AllowTcpForwarding no in Bravo's sshd_config (or PermitOpen, where finer control over -L destinations is needed) is the control that closes this path.

2 comments:

Anonymous said...

It's getting even better:

http://www.securityfocus.com/columnists/375

transzorp said...

It's also been an excellent way to get data to and from a host behind a NAT box.