SSH Tunnel
A secure shell (SSH) tunnel is an encrypted tunnel created over an SSH protocol connection. Users may set up SSH tunnels to carry otherwise unencrypted traffic across a network through an encrypted channel.
autossh
Autossh is a program to start a copy of SSH and monitor it, restarting it as necessary should it die or stop passing traffic.
autossh -M 0 -L 8080:localhost:8080 example.com -g
Install:
Authentication with generated key pair:
ssh-keygen -t rsa # with an empty passphrase, on the machine running the ssh client
cat /root/.ssh/id_rsa.pub # paste it into <destination user home folder>/.ssh/authorized_keys (on the machine running the sshd server)
autossh -i /root/.ssh/id_rsa -M 0 root@10.1.2.3 -R 1433:192.168.4.5:1433 -f -N # use the generated key to authenticate on the sshd server
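A key with an empty passphrase that logs in as root is worth confining to the tunnel it exists for. The following is an added example, not part of the original page: it builds an authorized_keys entry limited to the forwarded listen ports and audits a file for unrestricted keys. The function names, the constructed sample key and the /bin/false path are assumptions, and permitlisten requires OpenSSH 7.8 or later.

```shell
#!/bin/sh
# Added example: tunnel-only authorized_keys entries for autossh keys.

# restricted_entry PUBKEY PORT...
# Prints an authorized_keys line for PUBKEY with:
#   restrict             no PTY, agent/X11 forwarding, port forwarding, ~/.ssh/rc
#   command="/bin/false" any requested command is replaced (path is an assumption)
#   port-forwarding      re-enables forwarding that "restrict" switched off
#   permitlisten="PORT"  remote (-R) listeners allowed on these ports only
restricted_entry() {
    pubkey=$1; shift
    opts='restrict,command="/bin/false",port-forwarding'
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        opts="$opts,permitlisten=\"$port\""
    done
    printf '%s %s\n' "$opts" "$pubkey"
}

# audit_keys FILE
# Prints the line number of every key entry whose first field (the option
# list, if any) lacks "restrict"; returns 1 when at least one is found.
# Conservative: options containing quoted spaces before "restrict" are flagged.
audit_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        $1 !~ /(^|,)restrict(,|$)/ { print NR; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample key (not a real key), for the 1433 reverse tunnel above.
restricted_entry "ssh-rsa AAAAB3constructed root@client" 1433
```

With -N the client requests no command, so the forced command does not interfere with the tunnel.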
Netbios SSH tunnel
Entities:
- SSH server: 10.1.1.123
- user on ssh server: root
- Netbios server (Samba): 192.168.3.4
- SSH client: 192.168.3.15
- Ports 139 and 445 on Netbios server
- Ports 139 and 445 must be free on the SSH server
On the SSH server, the file /etc/ssh/ssh_config must have GatewayPorts yes.
The SSH client must be able to reach both the SSH server and the Netbios server.
On the SSH client, issue the following commands:
Now the Netbios server can be reached through ports 139 and 445 on the SSH server.
MS SQL Server tunnel
On the ssh client, issue the following commands:
Change passphrase with ssh-keygen
Crontab script to establish the connection
Crontab entry
0 0 * * * /root/autossh.sh
File to connect with autossh, /root/autossh.sh
Other example script
#!/bin/sh
killall autossh
# listens on port 8585 on sshdServer and redirects traffic to localhost:8080 (ssh client)
/usr/bin/autossh -i /root/.ssh/id_rsa -M 0 root@sshdServer -p 2222 -R 8585:localhost:8080 -f -N
# listens on port 2525 on localhost (ssh client) and redirects to port 25 on sshdServer
/usr/bin/autossh -i /root/.ssh/id_rsa -M 0 root@sshdServer -p 2222 -L 2525:localhost:25 -f -N