Reverse port forwarding

https://www.howtoforge.com/reverse-ssh-tunneling and http://cb.vu/unixtoolbox.xhtml

SSH into another PC (the target) via a VPS from a client PC when a NAT or router blocks the ports for a direct connection. The idea is for the target PC to create an SSH tunnel to either a server or directly to the client PC. Because we don't wish to expose the client PC's ports to the world, a server is used as an intermediary (the "middleman"). From the client PC we are finally able to create an SSH session back to the target through this tunnel.

Reverse SSH from the Target PC to the middleman:

ssh -R {PortOnMiddlePC}:localhost:{PortOnTargetPC} {UserOnMiddlePC}@{IPofMiddlePC}

ssh -R 19999:localhost:22 middleman@188.88.88.88

ssh -R remoteport:localhost:localport middleman@188.88.88.88 forwards whatever connects to remoteport on the middleman PC back to localhost:localport on the machine where the ssh -R command is executed (the target PC in this example). If you were physically on the middleman you would SSH to the target PC through the tunnel the target created with: ssh targetusername@localhost -p 19999

But because you're not on the middleman PC, you have to pull port 19999 down from it with a local forward:

ssh -L {PortOnClientPC}:localhost:{PortOnMiddlePC} {UserOnMiddlePC}@{IPofMiddlePC}

ssh -L 19999:localhost:19999 middleman@188.88.88.88

ssh -L localport:localhost:remoteport middleman@188.88.88.88 forwards whatever connects to localhost:localport on the client PC to localhost:remoteport on the middleman PC.

SSH to the target PC from the client PC, in another terminal:

ssh target@localhost -p {PortForwardedFromTargetPC}

ssh targetusername@localhost -p 19999

Using ssh localhost -p 19999 instead will attempt to log in as the client PC's user rather than as the user on the target PC; /var/log/auth.log flagged the attempt to log in as the wrong user. In other words, what we would have run on the server (middleman) PC with ssh targetusername@localhost -p 19999 is now executed on the client PC via the local port forward from the client PC.

Enable GatewayPorts in the sshd_config file under /etc/ssh on the target PC. The client PC doesn't need it enabled in its sshd_config. As an additional security measure, use the -x flag (ssh -x target@localhost -p 19999) if you don't wish to run an X11 session, which prevents the target PC from attacking the client PC through X11 forwarding. Use ssh -X target@localhost -p 19999 for an X11 session.

udp over ssh

  1. https://copyconstruct.medium.com/socat-29453e9fc8a6
  2. https://superuser.com/questions/1532374/ssh-tunnel-socat-udp-unicast-multicast and refs
  3. https://stackpointer.io/network/ssh-port-forwarding-tcp-udp/365/
  4. https://superuser.com/questions/62303/how-can-i-tunnel-all-of-my-network-traffic-through-ssh
  5. https://superuser.com/questions/331582/netcat-socat-behavior-with-piping-and-udp?rq=1
  6. https://superuser.com/questions/771155/impersonate-a-serial-device-with-socat?rq=1 SERIAL OVER SOCAT

superuser 53103

  1. https://superuser.com/questions/53103/udp-traffic-through-ssh-tunnel?rq=1 links to https://securesocketfunneling.github.io/ssf/#home
  2. http://zarb.org/~gc/html/udp-in-ssh-tunneling.html does it with netcat, but Brian Marshall and Zakaria have an alternative solution using socat. It eliminates the fifo file requirement. Here's how to do it:
     Server side: socat tcp4-listen:5353,reuseaddr,fork UDP:nameserver:53
     Client side: socat -T15 udp4-recvfrom:53,reuseaddr,fork tcp:localhost:5353
  3. https://www.morch.com/2011/07/05/forwarding-snmp-ports-over-ssh-using-socat/ ...And this is the main improvement of socat over nc. nc will do it for one single UDP port combination, which means it will work for SNMP for "some time" until the SNMP manager chooses another source port (which it is free to do for every request). Socat handles that. nc doesn't. So with nc, SNMP forwarding will work "for a little while" only.

     And not at all with parallel requests. – Peter V. Mørch Apr 20 '20 ..

sshuttle, proxychains

  1. https://github.com/rofl0r/proxychains-ng
  2. https://superuser.com/questions/62303/how-can-i-tunnel-all-of-my-network-traffic-through-ssh #sshuttle
  3. https://www.tunnelsup.com/how-to-create-ssh-tunnels/
  4. https://github.com/sshuttle/sshuttle

socat

  1. https://gist.github.com/cfra/752d6e761225fd5bf783b44abe30f707#file-ethernet-socat-ssh-md
  2. https://gist.github.com/lene/a517e635de86e73f6a981b0b584fb68a socat socks4 over tor
  3. http://www.dest-unreach.org/socat/doc/linuxwochen2007-socat.pdf
  4. http://www.dest-unreach.org/socat/doc/
  5. https://github.com/freelan-developers/freelan and http://www.freelan.org/ VPN client
  6. http://www.pocketnix.org/posts/Linux%20Networking:%20MAC%20VLANs%20and%20Virtual%20Ethernets
  7. https://www.redhat.com/sysadmin/getting-started-socat
  8. https://www.linux.com/news/socat-general-bidirectional-pipe-handler/ VPN with single line
  9. https://github.com/craSH/socat/blob/master/EXAMPLES
  10. https://web.archive.org/web/20140228075602/http://www.ping.eti.br/docs/01/13.txt from https://gist.github.com/dergachev/7913990

gatewayports

https://github.com/sumup-oss/gocat socat alternative

make ssh tunnel publicly accessible

Warning: if you set GatewayPorts to yes this will make sshd bind your forwardings to any interface - regardless of the client configuration (-R, etc.). This can become quite a security issue if the client assumes he has limited his forwardings to f.e. localhost. Therefore, setting GatewayPorts to clientspecified is usually what you want.

Here's my answer for completion:

I ended up using ssh -R ... for tunneling, and using socat on top of that for redirecting network traffic to 127.0.0.1:

tunnel bound to 127.0.0.1:
ssh -R mitm:9999:<my.ip>:8084 me@mitm
socat TCP-LISTEN:9090,fork TCP:127.0.0.1:9999

Other option is to do a local-only tunnel on top of that, but I find this much slower:
ssh -L<mitm.ip.address>:9090:localhost:9999 localhost
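The GatewayPorts caveat above and the reverse tunnel in the first section both come down to one question on the middleman: is the -R listener bound to loopback or to every interface? As an added example (not from the wiki page or the quoted answer), this POSIX sh check parses ss -ltn style output and reports the bind scope of a forwarded port; the ss sample is constructed and the function names listen_scope and check_forward are mine.

```shell
#!/bin/sh
# Added example, not from the wiki page: report on which interface a
# reverse-forwarded port listens on the middleman. With GatewayPorts=yes
# sshd binds -R forwards to every interface, which this check flags.
# Input is "ss -ltn" style lines on stdin (State Recv-Q Send-Q Local Peer).

# Constructed sample of `ss -ltn` output; not captured from a real host.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*
LISTEN 0      128    127.0.0.1:19999      0.0.0.0:*
LISTEN 0      128    [::1]:19999          [::]:*
LISTEN 0      128    0.0.0.0:20000        0.0.0.0:*
LISTEN 0      128    *:20001              *:*'

# listen_scope PORT: prints "loopback" if PORT listens only on 127.x or ::1,
# "exposed" if any listener for PORT is on another address (0.0.0.0, ::, *),
# and "absent" if nothing listens on PORT.
listen_scope() {
    port="$1"
    scope="absent"
    while read -r state rq sq laddr peer; do
        [ "$state" = "LISTEN" ] || continue
        addr="${laddr%:*}"              # strip ":port" (also for [::1]:port)
        [ "${laddr##*:}" = "$port" ] || continue
        case "$addr" in
            127.*|"[::1]")
                [ "$scope" = "exposed" ] || scope="loopback" ;;
            *)
                scope="exposed" ;;
        esac
    done
    printf '%s\n' "$scope"
}

# check_forward PORT: exit 0 when PORT is loopback-only, 1 otherwise, so a
# script can refuse to continue with the ssh -L hop if the port is exposed.
check_forward() {
    [ "$(listen_scope "$1")" = "loopback" ]
}

# Run over the constructed sample; on a real middleman use:
#   ss -ltn | listen_scope 19999
printf '%s\n' "$SAMPLE_SS" | listen_scope 19999   # loopback
printf '%s\n' "$SAMPLE_SS" | listen_scope 20000   # exposed
printf '%s\n' "$SAMPLE_SS" | listen_scope 20001   # exposed
printf '%s\n' "$SAMPLE_SS" | listen_scope 2222    # absent
```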

ssh keys

create private public keys https://medium.com/risan/upgrade-your-ssh-key-to-ed25519-c6e8d60d3c54

ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "john@example.com"

Only a quantum-mechanics type source of indeterminacy (not randomness, which doesn't exist) enables a seed with enough entropy (nobody knows what this word means). With a concentrate of energy we have high "entropy"; as the energy fills the medium we have low entropy. Usually such a situation is designed (the binary opposite of random), like heating the end of a metal bar, loading it with high entropy and then allowing the heat to disperse into a low state of entropy.

Your computer's random number generator isn't connected to a Geiger counter measuring radioactive decay (a source of quantum indeterminacy), hence no entropy. All those garbled numbers in your private and public keys only seem garbled; they are actually an easily cracked pattern. If you do use a Geiger counter, the minix operating system on which all OS install will flag you as a high value target back to CIA headquarters. In this numberphile video, the mathematician was unable to define what randomness is because it doesn't exist. He flails around, using analogous reasoning, but of course you can't solve a problem you can't even define, which is why for example https://en.wikipedia.org/wiki/Theory_of_Evolution redirects to https://en.wikipedia.org/wiki/Evolution: there is no such thing as a theory of evolution because nobody knows what the Lagrangian is that maps polypeptide space into frog space. If pigs had wheels mounted on ball bearings instead of trotters, on what scale of porcine fitness would they be?

https://en.wikipedia.org/wiki/Evolution...Evolution is change in the heritable characteristics of biological populations over successive generations...

If Wikipedia had written: "Evolution is change in the heritable characteristics of biological populations over successive generations as the Lagrangian maps the quantum entangled DNA super computed calculations from polypeptide dinosaur space into chicken space", then at least the statement would enter the domain of Popper falsifiability, though not escape Agrippan circularity.

notes

https://www.ettercap-project.org/

https://raymii.org/s/tutorials/Limit_access_to_openssh_features_with_the_Match_keyword.html

https://bugzilla.mindrot.org/show_bug.cgi?id=match

https://bbs.archlinux.org/viewtopic.php?id=121945

https://www.linuxquestions.org/questions/linux-security-4/ssh-deny-all-users-except-one-277288/ allow deny

https://github.com/g0tmi1k/debian-ssh

http://web.archive.org/web/20110723091928/http://digitaloffense.net/tools/debian-openssl

https://security.stackexchange.com/questions/127346/ssh-keygen-how-is-the-seed-generated

https://github.com/openssh/openssh-portable/blob/master/sshkey.c#L1652 static int ecdsa_generate_private_key(u_int bits, int *nid, EC_KEY **ecdsap)

https://www.youtube.com/watch?v=EjARnLxSqOg metasploit https://github.com/rapid7/metasploit-framework create reverse shell.

links

MeshNetworking main page documenting the locustworld.com mesh networking technology.

  1. http://16s.us/OpenBSD/acls.txt ssh secure shell from home to work computer
  2. http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1 command descriptions
  3. http://16s.us/OpenBSD/
  4. http://www.thegeekstuff.com/2010/12/50-unix-linux-sysadmin-tutorials/
  5. http://www.revsys.com/writings/quicktips/ssh-tunnel.html

