Size: 1052
Comment:
|
Size: 3183
Comment:
|
Line 1: | Line 1: |
= SSHTunnel = | <<TableOfContents(2)>> = SSH Tunnel = |
Line 3: | Line 5: |
= autossh = Autossh is a program to start a copy of SSH and monitor it, restarting it as necessary should it die or stop passing traffic. autossh -M 0 -L 8080:localhost:8080 example.com -g Install: {{{#!highlight sh cd /tmp wget http://www.harding.motd.ca/autossh/autossh-1.4c.tgz tar xvzf autossh-1.4c.tgz cd autossh-1.4c ./configure make make install }}} Authentication with generated key pair: {{{#!highlight sh ssh-keygen -t rsa # with empty pass on machine running ssh client cat /root/.ssh/id_rsa.pub # paste it into the <destination user home folder>/.ssh/autorized_keys (running sshd server) autossh -i /root/.ssh/id_dsa -M 0 root@10.1.2.3 -R 1433:192.168.4.5:1433 -f -N # use generated key to authenticate on sshd server }}} |
|
Line 17: | Line 42: |
On the ssh client, issue the following commands: * ssh root@10.1.1.123 -R 139:192.168.3.4:139 sleep 99999 * ssh root@10.1.1.123 -R 445:192.168.3.4:445 sleep 99999 |
On the SSH client, issue the following commands: {{{#!highlight sh # listens to port 139 on 10.1.1.123 that redirects traffic to 192.168.3.4:139 ssh root@10.1.1.123 -R 139:192.168.3.4:139 sleep 99999 # listens to port 445 on 10.1.1.123 that redirects traffic to 192.168.3.4:445 ssh root@10.1.1.123 -R 445:192.168.3.4:445 sleep 99999 }}} |
Line 25: | Line 54: |
* ssh root@10.1.1.123 -R 1433:192.168.3.113:1433 sleep 99999 | {{{#!highlight sh # listens to port 1433 on 10.1.1.123 that redirects traffic to 192.168.3.113:1433 ssh root@10.1.1.123 -R 1433:192.168.3.113:1433 sleep 99999 }}} == Change passphrase with ssh-keygen == {{{#!highlight bash $ cd ~/.ssh/ #To change DSA passphrase, enter: $ ssh-keygen -f id_dsa -p #To change RSA passphrase, enter: $ ssh-keygen -f id_rsa -p }}} == Script crontab establish connection == Crontab entry {{{#!highlight sh 0 0 * * * /root/autossh.sh }}} File to connect with autossh, /root/autossh.sh {{{#!highlight sh killall autossh /usr/local/bin/autossh -i /root/.ssh/id_dsa -M 0 root@sshdServer -R 2222:192.168.1.1:22 -f -N /usr/local/bin/autossh -i /root/.ssh/id_dsa -M 0 root@sshdServer -R 139:192.168.1.2:139 -f -N }}} Other example script {{{#!highlight sh #!/bin/sh killall autossh # listens on port 8585 on the sshServer and redirects traffic to localhost:8080 (ssh client) /usr/bin/autossh -i /root/.ssh/id_rsa -M 0 root@sshdServer -p 61222 -R 8585:localhost:8080 -f -N # listens on port 2525 on localhost (ssh client) and redirects to port 24 on sshServer /usr/bin/autossh -i /root/.ssh/id_rsa -M 0 root@sshdServer -p 61222 -L 2525:localhost:25 -f -N }}} |
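Review bot: in the "Authentication with generated key pair" block added at new line 5, `ssh-keygen -t rsa` produces /root/.ssh/id_rsa but the autossh command loads `-i /root/.ssh/id_dsa`, and the comment names the target file `autorized_keys`, which sshd does not read; use id_rsa and authorized_keys. Because the key has an empty passphrase and logs in as root, the same step should say to limit that key on the server side, for example with the `restrict`, `port-forwarding` and `permitlisten` options in authorized_keys on OpenSSH versions that support them. The Install block also downloads the tarball over plain http and builds it unchecked; a checksum comparison before `./configure` would close that gap.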
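Review bot: the rewritten Netbios commands at new line 42 still hold the session open with `sleep 99999`, so each forward ends after roughly 27.8 hours and nothing restarts it, while the autossh lines added elsewhere in this revision use `-f -N`. Use `-N` (or autossh) here as well, and say in the comments that both listeners are privileged ports opened through a root login on 10.1.1.123.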
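Review bot: in "Other example script" at new line 54 the comment says the local forward goes to port 24 on sshServer, but the command is `-L 2525:localhost:25`; correct the comment to 25. /root/autossh.sh has no `#!/bin/sh` line although the second script does, and `killall autossh` in both scripts stops every autossh process on the host, including tunnels these scripts did not start. With `-M 0` autossh only restarts ssh when it exits, so the commands should also pass `-o ServerAliveInterval` and `-o ServerAliveCountMax` so that a stalled connection is detected.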
SSH Tunnel
A secure shell (SSH) tunnel is an encrypted tunnel created through an SSH protocol connection. Users may set up SSH tunnels to transfer unencrypted traffic over a network through an encrypted channel.
autossh
Autossh is a program to start a copy of SSH and monitor it, restarting it as necessary should it die or stop passing traffic.
autossh -M 0 -L 8080:localhost:8080 example.com -g
Install:
Authentication with generated key pair:
{{{#!highlight sh
ssh-keygen -t rsa # with empty pass on machine running ssh client
cat /root/.ssh/id_rsa.pub # paste it into the <destination user home folder>/.ssh/authorized_keys (running sshd server)
autossh -i /root/.ssh/id_rsa -M 0 root@10.1.2.3 -R 1433:192.168.4.5:1433 -f -N # use generated key to authenticate on sshd server
}}}
Netbios SSH tunnel
Entities:
- SSH server: 10.1.1.123
- user on ssh server: root
- Netbios server (Samba): 192.168.3.4
- SSH client: 192.168.3.15
- Ports 139 and 445 on Netbios server
- Ports 139 and 445 must be free on the SSH server
On the SSH server, the file /etc/ssh/ssh_config must have GatewayPorts yes.
The SSH client must be able to reach the SSH server and the netbios server.
On the SSH client, issue the following commands:
Now the Netbios server can be reached through ports 139 and 445 on the SSH server.
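The GatewayPorts requirement above decides which interface sshd opens the forwarded ports on, and the effective value is the one sshd itself reports with `sshd -T`. The following added example (not part of the original page; the function names and the sample `sshd -T` text are constructed for illustration) predicts the listener address for each `-R` spec used on this page, including the `clientspecified` mode, which lets a forward be pinned to a single address instead of every interface.

```sh
#!/bin/sh
# Added example: where does sshd bind the listener for a -R forward?
# Handles IPv4/hostname specs only (no bracketed IPv6). Names are hypothetical.

# Constructed sample of `sshd -T` output (not captured from a real host).
SAMPLE_DUMP='port 22
gatewayports yes
permitrootlogin yes'

# Print the gatewayports value from `sshd -T` style text on stdin.
# sshd's default is "no" when the option is not set.
gatewayports_from_dump() {
    awk 'tolower($1) == "gatewayports" { v = tolower($2) }
         END { print (v == "" ? "no" : v) }'
}

# remote_bind <gatewayports> <-R spec>: print loopback, wildcard or an address.
remote_bind() {
    gp=$1; spec=$2
    # 3 fields = port:host:hostport, 4 fields = bind_address:port:host:hostport
    nfields=$(printf '%s' "$spec" | awk -F: '{ print NF }')
    case $nfields in
        3) bind=UNSET ;;
        4) bind=${spec%%:*} ;;
        *) echo "unsupported spec: $spec" >&2; return 2 ;;
    esac
    case $gp in
        no)  echo loopback ;;              # server forces loopback only
        yes) echo wildcard ;;              # server forces all interfaces
        clientspecified)
            case $bind in
                UNSET)  echo loopback ;;   # no bind_address given
                ''|'*') echo wildcard ;;   # empty or '*' asks for all interfaces
                *)      echo "$bind" ;;    # pinned to one address
            esac ;;
        *) echo "unknown GatewayPorts value: $gp" >&2; return 2 ;;
    esac
}

# Report the three reverse forwards used on this page.
audit_page_tunnels() {
    mode=$(printf '%s\n' "$SAMPLE_DUMP" | gatewayports_from_dump)
    for s in 139:192.168.3.4:139 445:192.168.3.4:445 1433:192.168.3.113:1433; do
        printf '%-26s GatewayPorts=%s -> %s\n' "$s" "$mode" "$(remote_bind "$mode" "$s")"
    done
}

audit_page_tunnels
```

On a real server, pipe the output of `sshd -T` (run as root) into `gatewayports_from_dump` instead of using the sample text.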
MS SQL Server tunnel
On the ssh client, issue the following commands:
Change passphrase with ssh-keygen
Script crontab establish connection
Crontab entry
{{{#!highlight sh
0 0 * * * /root/autossh.sh
}}}
File to connect with autossh, /root/autossh.sh
Other example script
{{{#!highlight sh
#!/bin/sh
killall autossh
# listens on port 8585 on the sshServer and redirects traffic to localhost:8080 (ssh client)
/usr/bin/autossh -i /root/.ssh/id_rsa -M 0 root@sshdServer -p 61222 -R 8585:localhost:8080 -f -N
# listens on port 2525 on localhost (ssh client) and redirects to port 25 on sshServer
/usr/bin/autossh -i /root/.ssh/id_rsa -M 0 root@sshdServer -p 61222 -L 2525:localhost:25 -f -N
}}}