Monday, April 26, 2010

Living in Tunnels: beyond basic SSH

Poor Man's VPN...
Use the ssh -D flag to create a SOCKS proxy to a remote machine, then push your traffic through it by pointing applications at the local endpoint. Really handy for coffee shops, airports, any public network in general. I use it with the FoxyProxy addon for Firefox.

ruiner@maelstrom ~ $ ssh -D 1234 user@remotemachine.tld
ruiner@maelstrom ~ $ netstat -auntp | grep 1234
tcp        0      0 127.0.0.1:1234          0.0.0.0:*               LISTEN      20846/ssh

Connect the Pipes...
The -L and -R flags allow for the forwarding of ports from one machine to another through an ssh connection. This can be highly entertaining as well as generally useful, particularly in getting around firewall restrictions.

The following opens a local port listening on 8081 which forwards all traffic to the remote machine on that same port. I've used this when dealing with the occasionally oddly port-numbered web GUI that's on a box sitting behind a firewall.
ruiner@maelstrom ~ $ ssh -L 8081:localhost:8081 user@remotemachine.tld

And this one is the inverse: it opens a port on the remote machine and forwards it back to a port on your local machine. For instance, temporarily running your webserver off of your laptop instead of the actual machine while you fix something...
ruiner@maelstrom ~ $ ssh -R 80:localhost:80 user@remotemachine.tld

You can actually build some pretty interesting chains of ssh tunnels using those two commands alone.
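
An added example, not from the original post: a check that the listeners created by -D and -L are bound to loopback only, so other hosts on a public network cannot ride your tunnel (a bind address of 0.0.0.0 or ssh -g would expose them). The function names and the sample netstat lines are constructed for illustration; only the 127.0.0.1:1234 line comes from the output shown earlier.

```shell
# Constructed sample of `netstat -antp` output (illustrative, not captured).
SAMPLE_NETSTAT='tcp        0      0 127.0.0.1:1234          0.0.0.0:*               LISTEN      20846/ssh
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      20911/ssh
tcp6       0      0 ::1:1234                :::*                    LISTEN      20846/ssh
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1187/sshd'

# Hypothetical helper: reads netstat lines on stdin and prints one line per
# TCP listener owned by the ssh client: "<status> <port> <bind address>".
# sshd listeners (the daemon itself) are deliberately ignored.
audit_ssh_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/ssh$/ {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)   # everything before the port
            if (host ~ /^127\./ || host == "::1")
                status = "loopback-only"
            else
                status = "EXPOSED"
            print status, port, host
        }
    '
}

# Hypothetical helper: exit status 0 only when no ssh forward is reachable
# from other hosts on the network.
ssh_listeners_safe() {
    ! audit_ssh_listeners | grep -q '^EXPOSED'
}

# Demo on the constructed sample; on a live box use: netstat -antp | audit_ssh_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | audit_ssh_listeners
```
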

Can you hear me now?...
I often run into the problem of running a command on a remote system that takes time to complete, and for one reason or another the connection is dropped and that program's execution is terminated as well. The answer is to utilize the "nohup" command which will allow the process to continue even if ssh times out or exits.

ruiner@maelstrom~$ ssh user@remotemachine.tld nohup sudo emerge  --sync

Long Range Gui...
I honestly don't use X forwarding much except for accessing some GUI programs in Solaris, and even that's pretty rare. However, it can be pretty entertaining and occasionally handy to squeeze your Xorg server through the tubes and have it pop out GUI apps wherever you'd like.

The following will run the msfgui (yeah, I know it's deprecated, but if yer going to forward something it may as well be something cool) that is installed on a remote system and display it locally through ssh, using high compression, a speedier encryption algorithm, and a faster but less secure X forwarding flag (-Y).

ruiner@maelstrom~$ ssh -Y -C -c blowfish user@remotemachine.tld /pentest/framework3/msfgui

More to be added later...
