Scribd
Upload
146 views28 pages

SSH Tunnelling

This document discusses SSH tunneling and provides examples of setting up different types of SSH tunnels. SSH tunneling allows encapsulating network traffic and encrypting it to privately share or communicate data between networks. There are three main types of SSH tunnels: dynamic, local, and remote. The document then provides step-by-step instructions on how to set up each type of SSH tunnel using both Windows Putty and Linux tools like SSH and tsocks. Dynamic tunnels allow access to any TCP service by configuring a SOCKS proxy. Local and remote tunnels forward specific local or remote ports to access an individual service.

Uploaded by

wwb167
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
146 views28 pages

SSH Tunnelling

This document discusses SSH tunneling and provides examples of setting up different types of SSH tunnels. SSH tunneling allows encapsulating network traffic and encrypting it to privately share or communicate data between networks. There are three main types of SSH tunnels: dynamic, local, and remote. The document then provides step-by-step instructions on how to set up each type of SSH tunnel using both Windows Putty and Linux tools like SSH and tsocks. Dynamic tunnels allow access to any TCP service by configuring a SOCKS proxy. Local and remote tunnels forward specific local or remote ports to access an individual service.

Uploaded by

wwb167
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 28

Introduction

Basically, tunnelling is a process that allows data sharing or communication between two different
networks privately. Tunneling is normally performed by encapsulating the private network data and
protocol information inside the public network broadcast units so that the private network protocol
information is visible to the public network as data.
SSH Tunnel: Tunneling is the concept of encapsulating the network protocol into another protocol. Here
we put it into SSH, so all network communication is encrypted. Because tunnelling
involves repackaging the traffic data into a different form, perhaps with encryption as standard, a third
use is to hide the nature of the traffic that is run through the tunnels.

Types of SSH Tunneling:


1. Dynamic SSH tunneling
2. Local SSH tunneling
3. Remote SSH tunneling

Let’s Begin!!
Objective: To establish an SSH connection between remote PC and the local system of the different
network.
Here I have set my own lab which consists of three systems in the following network:
SSH server (two Ethernet interface)
IP 192.168.1.104 connected with the remote system
IP 192.168.10.1 connected to local network system 192.168.10.2
SSH client (local network) holds IP 192.168.10.2
Remote system (outside the network)
In the following image, we are trying to explain the SSH tunnelling process where a remote PC is trying to
connect to 192.168.10.2, which is on the INTRANET of another network. To establish a connection with an
SSH client (raj), the remote PC will create an SSH tunnel which will connect with the local system via an
SSH server (Ignite).
NOTE: Service SSH must be activated

Page 2 of 27
The given below image describes the network configuration for the SSH server where it shows two IPs,
192.168.1.104 and another 192.168.10.1.

Another image given below describes the network configuration for the SSH client, which shows IP
192.168.10.2.

Page 3 of 27
Dynamic SSH Tunneling through Windows
The remote PC is attempting to connect to an SSH server (192.168.1.104) via port 22 and has successfully
logged in to the server. Here, we used putty to establish a connection between the SSH server (Ubuntu)
and the remote user (Windows).

Similarly, now the remote PC is trying to connect with the client PC (192.168.10.2) via port 22, since they
belong to different networks, he receives a network error.

Page 4 of 27
Step for Dynamic SSH tunneling
 Choose option SSH >Tunnel given in the left column of the category.
 Give new port forwarded as 7000 and connection type as dynamic and click on ADD at last.

Page 5 of 27
Now connect to SSH server 192.168.1.104 via port 22 and then click on "open" when all things are set.

Page 6 of 27
First, it will connect to the SSH server. As you can see, we are connected to the SSH server (Ignite).

Page 7 of 27
Now login into Putty again and give the IP of the client system as Host Name 192.168.10.2 and
Port 22 for SSH, then click on open.

Page 8 of 27
The open previous running window of putty choose Proxy option from the category and follow given
below step:

 Select proxy type as SOCKS 5


 Give proxy hostname as 127.0.0.1 and port 7000
 Click on open to establish a connection.

Page 9 of 27
Awesome!! We have successfully accessed the SSH client (raj) via port 7000.

Page 10 of 27
Dynamic SSH Tunneling through Kali Linux on Port 80
Now we are employing Kali Linux for SSH tunnelling and demonstrating how an attacker or Linux user can
take the privilege of tunnelling and can establish an SSH connection with client systems.

ssh -D 7000 [email protected]

Enter the user’s password for login and get access to the SSH server as shown below.

Page 11 of 27
Next, we need to set a network proxy for enabling socksv5 and for that follow below steps.

 In your web browser "Firefox" go to option for general setting tab and open Network Proxy.
 Choose No Proxy
 Enable socksv5

Add localhost, 127.0.0.1 as Manual proxy

Page 12 of 27
So from the given below image, you can perceive that now we are able to connect with the client at
192.168.10.2 via port 80.

Page 13 of 27
Dynamic SSH Tunneling through Kali Linux on Port 22
Now connect to the client machine through the given below command:

ssh -D 7000 [email protected]

Install tsocks from the apt repository with the following command:

apt install tsocks

Page 14 of 27
tsocks -Library for intercepting outgoing network connections and redirecting them through a SOCKS
server.

Open the tsocks.conf file for editing socks server IP and port, in our case we need to mention below two
lines and then save it.
Server = 127.0.0.1
Server_port = 7000

Now connect to the SSH client with the help tsocks using the given below command.

tsocks ssh [email protected]

Enter the password and enjoy access to the SSH client.

Page 15 of 27
Local SSH Tunneling through Windows
Local tunneling is a process to access a specific SSH client machine for communication. It lets you
establish a connection on a specific machine that is not connected to the internet.

The only difference between dynamic tunneling and local tunneling is that dynamic tunneling requires a
socks proxy for tunneling all TCP traffic, while local tunneling only requires a destination IP address.

Step for SSH Local tunneling

 Use putty to connect SSH server (192.168.1.104) via port 22 and choose option SSH
>Tunnel given in the left column of the category.

Page 16 of 27
 Give new port forwarded as 7000 and connection type as local
 Destination address as 198.168.10.2:22 for establishing a connection with the specific client and
click on ADD at last.
 Click on open when all things get set.

Page 17 of 27
First, this will establish a connection between the remote PC and the SSH server.

Page 18 of 27
Open a new window of putty and follow given below step:

 Give hostname as localhost and port 7000 and connection type SSH.
 Click on open to establish a connection.

Page 19 of 27
Awesome!! We have successfully access SSH client via port 7000

Page 20 of 27
Local SSH Tunneling through Kali Linux
Now again, we switch into Kali Linux for local tunneling, which is quite easy as compared to dynamic. To
forward ports to the local machine, run the command listed below.

ssh -L 7000:192.168.10.2:22 [email protected]

Page 21 of 27
Now open a new terminal and type the below command to connect to the SSH client.

ssh [email protected] -p 7000

Awesome!! We have successfully accessed the SSH client via port 7000

Remote SSH Tunneling through Putty


Remote tunneling is functional when a client machine wants to access a remote system that is outside of
its network.

First, you need to install Putty on our SSH server (ignite) and then follow the given steps.

Step for remote tunneling

 Enter remote system IP 192.168.1.108


 Mention port 22
 Go to SSH>tunnel options

Page 22 of 27
 Give new port forwarded as 7000 and connection type as Remote
 Destination address as 198.168.10.2:22for establishing a connection with the specific client and
click on ADD at last.
 Click on open when all things get set.

Page 23 of 27
Now the server will get connected to Remote system as shown in below image.

Page 24 of 27
Come back to the remote system and enter the following command to start with the SSH client machine.

ssh [email protected] -p 7000

From the given below image, you can observe that we have successfully connected with an SSH client
machine via port 7000.

Page 25 of 27
Remote SSH Tunneling through Ubuntu
If you are not willing to use putty for remote tunneling, then you can execute the following command.

ssh -R 7000:192.168.10.2:22 [email protected]

Here, 192.168.1.10.2 is our local client (raj) IP and 192.168.1.108 is our remote system IP.

Come back to the remote system and enter the following command to start with the SSH client machine.

ssh [email protected] -p 7000

Page 26 of 27
From the given below image, you can observe that we have successfully connected with an SSH client
machine via port 7000.

Page 27 of 27
JOIN OUR
TRAINING PROGRAMS
H ERE
CLICK BEGINNER

Bug Bounty Network Security


Ethical Hacking Essentials

Network Pentest
Wireless Pentest

ADVANCED

Burp Suite Pro Web Pro Computer


Services-API Infrastructure VAPT Forensics

Advanced CTF
Android Pentest Metasploit

EXPERT

Red Team Operation

Privilege Escalation
APT’s - MITRE Attack Tactics
Windows
Active Directory Attack
Linux
MSSQL Security Assessment

www.ignitetechnologies.in

You might also like