SSH Tunnel

A secure shell (SSH) tunnel consists of an encrypted tunnel created through a SSH protocol connection. Users may set up SSH tunnels to transfer unencrypted traffic over a network through an encrypted channel.

autossh

Autossh is a program to start a copy of SSH and monitor it, restarting it as necessary should it die or stop passing traffic.

autossh -M 0 -L 8080:localhost:8080 example.com -g

Install:

   1 cd /tmp
   2 wget http://www.harding.motd.ca/autossh/autossh-1.4c.tgz
   3 tar xvzf autossh-1.4c.tgz 
   4 cd autossh-1.4c
   5 ./configure
   6 make
   7 make install

Authentication with generated key pair:

   1 ssh-keygen -t rsa # with empty pass on machine running ssh client
   2 cat /root/.ssh/id_rsa.pub # paste it into the <destination user home folder>/.ssh/autorized_keys (running sshd server)
   3 autossh -i /root/.ssh/id_dsa -M 0 root@10.1.2.3 -R 1433:192.168.4.5:1433 -f -N # use generated key to authenticate on sshd server
   4

Netbios SSH tunnel

Entities:

SSH server: 10.1.1.123
user on ssh server: root
Netbios server (Samba): 192.168.3.4
SSH client: 192.168.3.15
Ports 139 and 445 on Netbios server
Ports 139 and 445 must be free in the SSH server

The SSH server on the file /etc/ssh/ssh_config must have GatewayPorts yes.

The SSH client must be able to reach the SSH server and the netbios server.

On the SSH client, issue the following commands:

   1 # listens to port 139 on 10.1.1.123 that redirects traffic to 192.168.3.4:139 
   2 ssh root@10.1.1.123 -R 139:192.168.3.4:139 sleep 99999 
   3 # listens to port 445 on 10.1.1.123 that redirects traffic to 192.168.3.4:445 
   4 ssh root@10.1.1.123 -R 445:192.168.3.4:445 sleep 99999

Now the Netbios server can be reached through ports 139 and 445 in the SSH server.

MS SQL Server tunnel

On the ssh client, issue the following commands:

   1 # listens to port 1433 on 10.1.1.123 that redirects traffic to 192.168.3.113:1433 
   2 ssh root@10.1.1.123 -R 1433:192.168.3.113:1433 sleep 99999

Change passphrase with ssh-keygen

   1 $ cd ~/.ssh/
   2 #To change DSA passphrase, enter:
   3 $ ssh-keygen -f id_dsa -p
   4 #To change RSA passphrase, enter:
   5 $ ssh-keygen -f id_rsa -p

Script crontab establish connection

Crontab entry

   1 0 0 * * * /root/autossh.sh

File to connect with autossh, /root/autossh.sh

   1 killall autossh
   2 /usr/local/bin/autossh -i /root/.ssh/id_dsa -M 0 root@sshdServer -R 2222:192.168.1.1:22 -f -N
   3 /usr/local/bin/autossh -i /root/.ssh/id_dsa -M 0 root@sshdServer -R 139:192.168.1.2:139 -f -N

-  ⇤ ← Revision 7 as of 2013-11-08 10:43:07 → 
  Size: 2006
  Editor: bl13-22-115
  Comment:
+   ← Revision 9 as of 2025-06-01 10:03:01 → ⇥
  Size: 2730
  Editor: vitor
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 1:
+<<TableOfContents(2)>>
-Line 10:
+Line 12:
- * cd /tmp
 * wget http://www.harding.motd.ca/autossh/autossh-1.4c.tgz
 * tar xvzf autossh-1.4c.tgz 
 * cd autossh-1.4c
 * ./configure
 * make
 * make install
+{{{#!highlight sh
cd /tmp
wget http://www.harding.motd.ca/autossh/autossh-1.4c.tgz
tar xvzf autossh-1.4c.tgz 
cd autossh-1.4c
./configure
make
make install
}}}
-Line 19:
+Line 23:
- * ssh-keygen -t dsa # with empty pass on machine running ssh client
 * cat /root/.ssh/id_dsa.pub # paste it into the <destination user home folder>/.ssh/autorized_keys (running sshd server)
 * autossh -i /root/.ssh/id_dsa -M 0 root@10.1.2.3 -R 1433:192.168.4.5:1433 -f -N # use generated key to authenticate on sshd server
+{{{#!highlight sh
ssh-keygen -t rsa # with empty pass on machine running ssh client
cat /root/.ssh/id_rsa.pub # paste it into the <destination user home folder>/.ssh/autorized_keys (running sshd server)
autossh -i /root/.ssh/id_dsa -M 0 root@10.1.2.3 -R 1433:192.168.4.5:1433 -f -N # use generated key to authenticate on sshd server
}}}
-Line 36:
+Line 42:
-On the ssh client, issue the following commands:
 * ssh root@10.1.1.123 -R 139:192.168.3.4:139 sleep 99999 
 * ssh root@10.1.1.123 -R 445:192.168.3.4:445 sleep 99999
+On the SSH client, issue the following commands:
{{{#!highlight sh
# listens to port 139 on 10.1.1.123 that redirects traffic to 192.168.3.4:139 
ssh root@10.1.1.123 -R 139:192.168.3.4:139 sleep 99999 
# listens to port 445 on 10.1.1.123 that redirects traffic to 192.168.3.4:445 
ssh root@10.1.1.123 -R 445:192.168.3.4:445 sleep 99999 
}}}
-Line 44:
+Line 54:
- * ssh root@10.1.1.123 -R 1433:192.168.3.113:1433 sleep 99999
+{{{#!highlight sh
# listens to port 1433 on 10.1.1.123 that redirects traffic to 192.168.3.113:1433 
ssh root@10.1.1.123 -R 1433:192.168.3.113:1433 sleep 99999
}}}
-Line 55:
+Line 67:
+== Script crontab establish connection ==
Crontab entry

{{{#!highlight sh
0 0 * * * /root/autossh.sh
}}}

File to connect with autossh, /root/autossh.sh

{{{#!highlight sh
killall autossh
/usr/local/bin/autossh -i /root/.ssh/id_dsa -M 0 root@sshdServer -R 2222:192.168.1.1:22 -f -N
/usr/local/bin/autossh -i /root/.ssh/id_dsa -M 0 root@sshdServer -R 139:192.168.1.2:139 -f -N
}}}