SSH Tunnel
A secure shell (SSH) tunnel is an encrypted tunnel created through an SSH protocol connection. Users may set up SSH tunnels to carry otherwise unencrypted traffic across a network inside the encrypted channel.
autossh
Autossh is a program to start a copy of SSH and monitor it, restarting it as necessary should it die or stop passing traffic.
autossh -M 0 -L 8080:localhost:8080 example.com -g
Install (with autossh-1.4c.tgz already placed in /tmp):
- cd /tmp
- tar xvzf autossh-1.4c.tgz
- cd autossh-1.4c
- ./configure
- make
- make install
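Authentication with generated key pair:
- ssh-keygen -t dsa # run on the machine running the ssh client, with an empty passphrase
- cat /root/.ssh/id_dsa.pub # paste the output into <destination user home folder>/.ssh/authorized_keys on the machine running the sshd server
- autossh -i /root/.ssh/id_dsa -M 0 root@10.1.2.3 -R 1433:192.168.4.5:1433 -f -N # use the generated key to authenticate on the sshd server
DSA keys are disabled by default since OpenSSH 7.0, so on current systems generate another key type (for example -t ed25519) and adjust the file names accordingly. A key without a passphrase can be used by anyone who can read the file, so keep it readable only by its owner.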
Netbios SSH tunnel
Entities:
- SSH server: 10.1.1.123
- user on ssh server: root
- Netbios server (Samba): 192.168.3.4
- SSH client: 192.168.3.15
- Ports 139 and 445 on Netbios server
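- Ports 139 and 445 must be free on the SSH server
The SSH server must have GatewayPorts yes in the file /etc/ssh/sshd_config. With this setting the forwarded ports listen on all of the server's interfaces instead of on loopback only, so anyone who can reach the SSH server can reach them.
The SSH client must be able to reach the SSH server and the Netbios server.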
On the ssh client, issue the following commands:
ssh root@10.1.1.123 -R 139:192.168.3.4:139 sleep 99999
ssh root@10.1.1.123 -R 445:192.168.3.4:445 sleep 99999
Now the Netbios server can be reached through ports 139 and 445 on the SSH server.
MS SQL Server tunnel
On the ssh client, issue the following command:
ssh root@10.1.1.123 -R 1433:192.168.3.113:1433 sleep 99999
Change passphrase with ssh-keygen
Crontab script to establish the connection
Crontab entry
0 0 * * * /root/autossh.sh
File to connect with autossh, /root/autossh.sh
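An added example of what such a script could contain (it is not the original page's file): it starts the reverse tunnel from the autossh command shown earlier only if no previous instance is still alive, so the cron entry can run it repeatedly. The pid file path and the ssh -o options are assumptions.

```shell
#!/bin/sh
# Added example, not the original /root/autossh.sh.
# KEY, REMOTE and FORWARD repeat the autossh command shown earlier on this page;
# PIDFILE and the -o options are assumptions.
KEY=/root/.ssh/id_dsa
REMOTE=root@10.1.2.3
FORWARD=1433:192.168.4.5:1433
PIDFILE=/var/run/autossh-tunnel.pid

# Return 0 only if the file $1 holds the pid of a live process.
tunnel_running() {
    [ -s "$1" ] || return 1                       # missing or empty pid file
    pid=$(cat "$1") || return 1
    case $pid in ''|*[!0-9]*) return 1 ;; esac    # reject anything but digits
    kill -0 "$pid" 2>/dev/null                    # signal 0: existence check only
}

start_tunnel() {
    tunnel_running "$PIDFILE" && return 0         # already up: nothing to do
    rm -f "$PIDFILE"                              # stale file from a dead run
    AUTOSSH_PIDFILE=$PIDFILE                      # autossh writes its pid here
    export AUTOSSH_PIDFILE
    # -M 0 turns off autossh's monitor port, so ssh itself must notice a dead
    # link (ServerAlive*) or a forward that could not be bound and exit;
    # autossh then restarts it. BatchMode stops ssh from prompting under cron.
    autossh -M 0 -f -N \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -i "$KEY" -R "$FORWARD" "$REMOTE"
}

# Start only when run under the name used in the crontab entry, so the
# functions can be sourced or tested without opening a connection.
case ${0##*/} in
    autossh.sh) start_tunnel ;;
esac
```

Because start_tunnel returns early while the recorded process is alive, the crontab entry can run more often than once a day without creating duplicate tunnels.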