Presentation is loading. Please wait.

Presentation is loading. Please wait.

Daemon issue 14 SSH Port Forwarding Yannis Tsopokis Wednesday, April 26 th 2006.

Published byTobias Holmes Modified over 9 years ago

Similar presentations

Presentation on theme: "Daemon issue 14 SSH Port Forwarding Yannis Tsopokis Wednesday, April 26 th 2006."— Presentation transcript:

1 daemon issue 14 http://daemon.di.uoa.gr/daemon/issue14 SSH Port Forwarding Yannis Tsopokis Wednesday, April 26 th 2006

2 SSH (SSH client) is a program that allows as to connect to a remote computer and execute commands. Its difference from telnet is that it establishes a secure (encrypted) communication channel. Furthermore we can send any kind of data through this channel. We will discuss how we can use ssh to establish a secure channel, not for executing remote commands, but to transfer data, even between nodes that cannot contact each other directly (due to firewalling or other reasons) What is ssh SSH port forwardingWednesday, April 26 th 2006 2

3 Lets say we want to connect with an Oracle DB server that only accepts database connections from an ip range. How can we connect to the db server from another ip? With ssh -L ! ssh -L : : user@host-gateway You specify that port xxx of the local host will be forwarded to port yyy of remote-host, through host-gateway. ***Only root can forward privileged ports (<=1024)*** What we want to do How to use it SSH port forwardingWednesday, April 26 th 2006 3

4 ssh -L 1521:dbserver.domain.com:1521 userx@host.domain.com -Nf which forwards local port 1521 (oracle default), through host.domain.com (which must have sshd running), at port 1521 of dbserver. We will be asked for our password of userx at host.domain.com! client host dbserver incoming port 1521 Example incoming port 1521 SSH port forwardingWednesday, April 26 th 2006 4

5 ssh -L 1521:dbserver.domain.com:1521 userx@dbserver.domain.com -Nf in this case we have the same result but it is more secure since the data travel through the encrypted channel up to dbserver, while in the previous example data travelled unencrypted from host to dbserver. client dbserver incoming port 1521 Example incoming port 1521 SSH port forwardingWednesday, April 26 th 2006 5

6 Another occasion is when we want to mount a remote file system, and we cannot talk to the remote host directly. we first open the encrypted channel ssh -L 6666:192.168.0.1:139 user@gateway -Nf and then mount the remote file system mount -t smbfs -o port=6666 //localhost/share/remote_folder Mount remote filesystem SSH port forwardingWednesday, April 26 th 2006 6

7 localhost remote ssh -R : : user@remote-host There also is reverse port forwarding, which does the reverse. It forwards port xxx of remote-host to port yyy of local-host. Reverse port forwarding incoming port xxx incoming port yyy SSH port forwardingWednesday, April 26 th 2006 7

8 The end! SSH port forwardingWednesday, April 26 th 2006 8 References: [1] Openssh : http://www.openssh.com [2] SSH: The Secure Shell, O'Reilly Book by Danie J. Barret & Richard E. Silverman. [3] man page of ssh. [4] ProxyTunnel: http://proxytunnel.sourceforge.net/papers/muppet-200204.html [5] ssh tunnels: http://www.linuxlogin.com/linux/admin/sshtunnels.php

Download ppt "Daemon issue 14 SSH Port Forwarding Yannis Tsopokis Wednesday, April 26 th 2006."

Similar presentations

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Ferry Astika Saputra Workshop Administrasi Jaringan TELNET & SSH.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Ferry Astika Saputra Workshop Administrasi Jaringan TELNET & SSH.
Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.

Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.
Chapter 21 Security. Computer Center, CS, NCTU 2 Firewall (1)  Using ipfw 1.Add these options in kernel configuration file and recompile the kernel 2.Edit.

Chapter 21 Security. Computer Center, CS, NCTU 2 Firewall (1)  Using ipfw 1.Add these options in kernel configuration file and recompile the kernel 2.Edit.
Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.

Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.
Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.

Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
SSL Man in the Middle Proxy Srinivas Inguva Dan Boneh Ian Baker Stanford University.

SSL Man in the Middle Proxy Srinivas Inguva Dan Boneh Ian Baker Stanford University.
Common network diagnostic and configuration utilities A ‘toolkit’ for network users and managers when ‘troubleshooting’ is needed on your network.

Common network diagnostic and configuration utilities A ‘toolkit’ for network users and managers when ‘troubleshooting’ is needed on your network.
Www.BeyondSecurity.comwww.SecurITeam.com Beyond Security Ltd. Port Knocking Beyond Security Noam Rathaus CTO Sunday, July 11, 2004 Presentation on.

Beyond Security Ltd. Port Knocking Beyond Security Noam Rathaus CTO Sunday, July 11, 2004 Presentation on.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Security Strategies in Linux Platforms and.

© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Strategies in Linux Platforms and.
Remote access and file transfer Getting files on and off Bio-Linux.

Remote access and file transfer Getting files on and off Bio-Linux.
Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.

Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.
4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.

4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.
Telnet/SSH: Connecting to Hosts Internet Technology1.

Telnet/SSH: Connecting to Hosts Internet Technology1.
Understanding VPN Concepts Virtual Private Network (VPN) enables computers to –Communicate securely over insecure channels –Exchange private encrypted.

Understanding VPN Concepts Virtual Private Network (VPN) enables computers to –Communicate securely over insecure channels –Exchange private encrypted.
Network Address Translation (NAT) CS-480b Dick Steflik.

Network Address Translation (NAT) CS-480b Dick Steflik.
Chapter 10 Networking and the Internet ITSC 1458.

Chapter 10 Networking and the Internet ITSC 1458.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols.

Similar presentations

Ads by Google