SSH Tunnel

A secure shell (SSH) tunnel consists of an encrypted tunnel created through a SSH protocol connection. Users may set up SSH tunnels to transfer unencrypted traffic over a network through an encrypted channel.

autossh

Autossh is a program to start a copy of SSH and monitor it, restarting it as necessary should it die or stop passing traffic.

autossh -M 0 -L 8080:localhost:8080 example.com -g

Install:

   1 cd /tmp
   2 wget http://www.harding.motd.ca/autossh/autossh-1.4c.tgz
   3 tar xvzf autossh-1.4c.tgz 
   4 cd autossh-1.4c
   5 ./configure
   6 make
   7 make install

Authentication with generated key pair:

   1 ssh-keygen -t rsa # with empty pass on machine running ssh client
   2 cat /root/.ssh/id_rsa.pub # paste it into the <destination user home folder>/.ssh/autorized_keys (running sshd server)
   3 autossh -i /root/.ssh/id_dsa -M 0 root@10.1.2.3 -R 1433:192.168.4.5:1433 -f -N # use generated key to authenticate on sshd server
   4

Netbios SSH tunnel

Entities:

SSH server: 10.1.1.123
user on ssh server: root
Netbios server (Samba): 192.168.3.4
SSH client: 192.168.3.15
Ports 139 and 445 on Netbios server
Ports 139 and 445 must be free in the SSH server

The SSH server on the file /etc/ssh/ssh_config must have GatewayPorts yes.

The SSH client must be able to reach the SSH server and the netbios server.

On the SSH client, issue the following commands:

   1 # listens to port 139 on 10.1.1.123 that redirects traffic to 192.168.3.4:139 
   2 ssh root@10.1.1.123 -R 139:192.168.3.4:139 sleep 99999 
   3 # listens to port 445 on 10.1.1.123 that redirects traffic to 192.168.3.4:445 
   4 ssh root@10.1.1.123 -R 445:192.168.3.4:445 sleep 99999

Now the Netbios server can be reached through ports 139 and 445 in the SSH server.

MS SQL Server tunnel

On the ssh client, issue the following commands:

   1 # listens to port 1433 on 10.1.1.123 that redirects traffic to 192.168.3.113:1433 
   2 ssh root@10.1.1.123 -R 1433:192.168.3.113:1433 sleep 99999

Change passphrase with ssh-keygen

   1 $ cd ~/.ssh/
   2 #To change DSA passphrase, enter:
   3 $ ssh-keygen -f id_dsa -p
   4 #To change RSA passphrase, enter:
   5 $ ssh-keygen -f id_rsa -p

Script crontab establish connection

Crontab entry

   1 0 0 * * * /root/autossh.sh

File to connect with autossh, /root/autossh.sh

   1 killall autossh
   2 /usr/local/bin/autossh -i /root/.ssh/id_dsa -M 0 root@sshdServer -R 2222:192.168.1.1:22 -f -N
   3 /usr/local/bin/autossh -i /root/.ssh/id_dsa -M 0 root@sshdServer -R 139:192.168.1.2:139 -f -N

Other example script

   1 #!/bin/sh
   2 killall autossh
   3 # listens on port 8585 on the sshServer and redirects traffic to localhost:8080 (ssh client)
   4 /usr/bin/autossh -i /root/.ssh/id_rsa -M 0 root@sshdServer -p 2222 -R 8585:localhost:8080 -f -N
   5 # listens on port 2525 on localhost (ssh client) and redirects to port 24 on sshServer
   6 /usr/bin/autossh -i /root/.ssh/id_rsa -M 0 root@sshdServer -p 2222 -L 2525:localhost:25 -f -N