November 24, 2017

SSH tunneling example

Example of using SSH tunneling in a restricted environment. In this case Server1 is a Linux box (Ubuntu 16.04) located in a DMZ, and only SSH (default TCP 22) is allowed in. Using SSH tunnels, this Linux box is going to be updated with the apt tool.

Connect to Server1 from Computer1 and forward a remote port. Server1 is configured with us.archive.ubuntu.com (91.189.91.26) as the source list for the apt tool.
root@Computer1# ssh -R 8080:91.189.91.26:80 username@10.0.0.1

After issuing the command, Server1 will start listening on port 8080 (bound to the loopback interface by default, unless GatewayPorts is enabled in sshd). This can be checked by running "netstat -l". All connections to port 8080 will be forwarded via Computer1 over SSH.

Then, on Server1, create a local port forwarding by running the command below.
root@Server1# ssh -L 80:localhost:8080 username@localhost

Server1 will start listening on port 80. All connections to port 80 will be forwarded to port 8080, which in turn is tunneled to Computer1. It is not an elegant solution, but it works well.

The final step is amending the hosts file. Simply add the lines below to /etc/hosts.
127.0.0.1 us.archive.ubuntu.com
127.0.0.1 security.ubuntu.com

Then you will be able to update the system with the apt tool.
root@Server1# apt update && apt upgrade

An alternative is dynamic port forwarding. It is more suitable for servers with a GUI. I will not cover apt proxy configuration here, and DNS resolution also needs to be solved.

Connect to Server1 from Computer1. By issuing the command below, the local SSH port (TCP 22) of Computer1 will be forwarded to Server1. This means that if you run "ssh -p 999 localhost" on Server1 you will connect to Computer1.
root@Computer1# ssh -R 999:localhost:22 username@10.0.0.1

Then, on Server1, create a dynamic port forwarding. This makes Server1 act as a SOCKS proxy.
root@Server1# ssh -D 3128 -p 999 username@localhost

You will be able to see both ports 999 and 3128 listening on Server1 by running the "netstat -l" command.
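Both the remote forward (port 8080 above) and the SOCKS forward (ports 999 and 3128 here) are checked with "netstat -l" in this post. The script below is an added example, not part of the original post, that automates that check and adds the one detail a practitioner cares about: each tunnel port must be bound to the loopback address, not to 0.0.0.0, otherwise other hosts in the DMZ could use the tunnel. The listener snapshot is constructed sample output in the format of "ss -ltn" (the functions also accept "netstat -tln" lines, since both put the local address in the fourth column); port 3128 is deliberately shown bound to 0.0.0.0, as it would be after "ssh -D 0.0.0.0:3128", to show what a misbound forward looks like.

```shell
#!/bin/sh
# Added example: verify that SSH tunnel ports on Server1 are listening and
# are bound to the loopback interface only.
# SAMPLE_LISTENERS is constructed sample output in "ss -ltn" format; in real
# use, pipe the live output of "ss -ltn" (or "netstat -tln") into the
# functions instead.
SAMPLE_LISTENERS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:8080       0.0.0.0:*
LISTEN  0       128     127.0.0.1:80         0.0.0.0:*
LISTEN  0       128     0.0.0.0:3128         0.0.0.0:*'

# tunnel_port_status PORT
# Reads listener lines on stdin and prints one word:
#   absent   - nothing is listening on PORT
#   loopback - every listener on PORT is bound to 127.0.0.1 or ::1
#   exposed  - at least one listener on PORT is bound to another address
tunnel_port_status() {
    port="$1"
    awk -v p="$port" '
        # ss puts the state in column 1, netstat in column 6; the local
        # address is column 4 in both formats.
        ($1 == "LISTEN" || $6 == "LISTEN") {
            lp = $4; sub(/.*:/, "", lp)            # port is after the last colon
            if (lp != p) next
            addr = $4; sub(/:[0-9]+$/, "", addr)    # address is everything before it
            found = 1
            if (addr != "127.0.0.1" && addr != "[::1]" && addr != "::1") exposed = 1
        }
        END {
            if (!found) print "absent"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# check_tunnel_ports "PORT PORT ..."
# Reads listener lines on stdin, reports each port, and returns 0 only if
# every port is listening on loopback alone.
check_tunnel_ports() {
    input=$(cat)
    rc=0
    for port in $1; do
        status=$(printf '%s\n' "$input" | tunnel_port_status "$port")
        echo "port $port: $status"
        [ "$status" = "loopback" ] || rc=1
    done
    return $rc
}

# Demo against the constructed snapshot: 8080 and 80 are loopback-only,
# 3128 is exposed, so the overall check fails.
printf '%s\n' "$SAMPLE_LISTENERS" | check_tunnel_ports "8080 80 3128" \
    || echo "at least one tunnel port is missing or exposed"
```

On a live Server1 the same check is "ss -ltn | sh -c '. ./tunnelcheck.sh; check_tunnel_ports \"8080 80 999 3128\"'" or simply sourcing the file and piping the listener output into check_tunnel_ports; a non-zero exit means either a tunnel did not come up or one of its listeners is reachable from outside the host.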

Then you need to configure apt, or any other application, to use the SOCKS proxy on localhost port 3128.
