Step by step _SSH port forwarding set of experiments

SSH port forwarding

SSH automatically encrypts and decrypts the data network between all SSH client and server. However, SSH is also possible to other network data to TCP port forwarding through the SSH link, and automatically provides the appropriate encryption and decryption services. This process is also called "tunnel" (tunneling), because SSH provides a secure channel for other TCP transport links to the name. For example, Telnet, SMTP, LDAP TCP these applications are able to benefit from, to avoid the transmission of clear text user names, passwords and private information. At the same time, if the work environment in the firewall restricts the use of some network ports, but allow SSH connections, it is possible by using SSH TCP port forwarding to communicate

• SSH port forwarding provides two functions:
  1. end to the encrypted SSH Client SSH Server communication data between the terminal
  2. The breakthrough firewall restrictions to complete some of the TCP connection can not be established before

Experiment: SSH key-based authentication implementation

1. The client generates a key pair

ssh-keygen -t rsa [-P ''] [-f "~/.ssh/id_rsa"]
#可以-P指定密码，-f指定密钥对的存放路径

2. The public key file to a remote server corresponding to the user's home directory

ssh-copy-id 192.168.88.65
#格式：ssh-copy-id [-i [identity_file]] [user@]host

4. Connection Test

ssh 192.168.88.65

• You do not need to enter the password

5. If the private key password, you can use the certification agency, so only need to enter once per session password

ssh-agent bash
ssh-add
#提示输入密码

Experiment: Based on key verification in SecureCRT or Xshell

1. Click ⼯ with xshell choose a new user keys Use Wizard
   

2. In the dialog box, select the rsa encryption algorithm and a secret key length, click on the record the next step
   

3. After the secret key ⽣ Click to record the next step
   

4. To the secret key from ⼀ names, need to decide whether you need to set according to the private key password. Then click on the record the next step:
   

5. Copy the files out of the public key, click Done, and then the public is writing to authorized_keys hostA in:
   

6. New connections in Xshell ⼀, fill in the corresponding ip address and port number-connector
   

7. Using the selected parts of the user authentication chest upwards, the publickey Remedies select, and enter into the START ⽣ username before first use, the user select Use password, and click OK
   

8. After the session ⽣ to click the link, if not need to lose START root password to log successful test ⼀:
   

Experiment: SSH forwarding local end-connector

• 当访问本机的9527的端口时，被加密后转发到sshsrv的ssh服务，再解密被转发到telnetsrv:23
• data → localhost:9527 → localhost:XXXXX(ssh client) → ssh server:22 → ssh server:YYYYY(telnet client) → telnet server:23
  简单说下： 现在有个用户想从公司外部用telnet访问在防火墙的内部的主机C，而telnet是明文传输，不具有安全性。我们可以用ssh先登录到host B，在host B上开启端口转发到host C。相当于使用安全的ssh来传输telnet数据。

0. 实验准备
   CentOS6 172.16.10.10 host A
   CentOS7 172.16.10.20 host B
   CentOS7 172.16.10.30 host C

host A

1. 在node1上安装telnet客户端，关闭selinux，情况防⽕墙

yum -y install telnet
setenforce 0
iptables -F

host C

2. 在node3关闭selinux，关闭firewalld并清空规则，安装telnet-server服务并启动

iptables -F
setenforce 0
yum -y install telnet
systemctl start telnet.socket
ss -tnl
#显示23端⼝在监听状态 

3. 在node3上创建alice⽤户，并禁止host A的直接访问

useradd alice
echo "123456" | passwd --stdin alice
iptables -A INPUT -s 172.16.10.10 -j REJECT
iptables -nL

host A

4. 在node1上使⽤ping 命令ping node3，使⽤telnet 登录node3的alice⽤户

ping 172.16.10.30
telnet 172.16.10.30

host B

5. 在node2 上ping node3并测试ssh 链接node3的alice⽤户

ping 172.16.10.30
ssh [email protected]

host A

6. 在node1上进⾏ssh本地转发

ssh -L 9527:172.16.10.30:23 172.16.10.20 -fN
#ssh -L 本地端口:hostC的IP:hostC的端口 hostB -后台运行
ss -tnl
#查看监听的端口

7. 使⽤telnet链接node3的alice⽤户，登录成功

telnet 127.0.0.1 9527

8. 想要结束端口转发，可以killall

killall ssh

实验：SSH远程转发

• 让sshsrv侦听9527端口的访问，如有访问，就加密后通过ssh服务转发请求到本机ssh客户端，再由本机解密后转发到telnetsrv:23
• Data → sshsrv:9527 → sshsrv:22 → localhost:XXXXX → localhost:YYYYY → telnetsrv:23
  简单说下： node2通过ssh服务连接node1 ，node1 通过127.0.0.1 9527 将信息通过已经建⽴的ssh发给node2，node2拿到信息后直接发给node3的telnet服务，实现ssh远端转发连接。
  

实验环境如同上一个实验一致，同样hostC是禁用hostA的直接访问的。开始前，如果做过了上面的本地端口转发实验，先把hostA的SSH后台进程关了

host A

1. 关闭host A上SSH相关的进程

killall ssh

host B

1. 在host B上创建ssh远程转发，-Nf实现进程后台运⾏

ssh -R 9999:172.16.10.30:23 172.16.10.10 -fN
#ssh 要转发的端口：hostC的ip：hostC的端口 hostA的ip -后台运行

host A

2. 在hostA上查看监听端⼝号 9527，使⽤telnet远程连接hostC

ss -tnl | grep 9527

3. 这样就连接就建立了，可以使用telnet连接hostC了

telnet 127.0.0.1 9999

host B

3. 关闭hostB上的ssh远程转发进程，

killall ssh

实验：SSH动态端⼝转发

• 当用firefox访问internet时，本机的1080端口做为代理服务器，firefox的访问请求被转发到sshserver上，由sshserver替之访问internet
• 在本机firefox设置代理socket proxy:127.0.0.1:1080
  curl --socks5 127.0.0.1:1080 http://www.google.com
  前面的实验目标只有主机1个，那如果我们要实现多个主机的访问呢？这时候就要用到动态端口转发了。
  

host B

0. 同样我们在开始之前，要把上一个实验的SSH关掉

killall ssh

host C

1. 我们在hostC上安装httpd服务，开启httpd服务，编写测试主页index.html，写个文本"www.google.com"来模拟被墙掉的网站

yum -y install httpd 
echo "www.gooooooogle.com" >/var/www/html/index.html
systemctl start httpd
ss -tnl

host A

2. 测试⼀下hostA是否可以访问hostC的httpd服务，因为被墙的关系，我们访问不了hostC

curl 172.16.10.30

host B

3. Without being wall on hostB, so you can

curl 172.16.10.30

host A

4. Open ssh on hostA dynamic end-connector forward and achieve curl visit node3 of service httpd

ssh -gD 1000 [email protected] -Nf
#-D 后面是端口。ip当然是要写hostB啦
curl --socks5 127.0.0.1:1000 172.16.10.30

host C

5. If you would like to access our computer hostC, when we can hostA to the proxy server. Before the operation, we first put on hostC computer ip banned, the wall can not be used to simulate on google. This is also roughly the scientific principles of the Internet.

iptables -A INPUT -s 172.16.23.100 -p tcp --dport 80 -j REJECT

6. On chrome us to set the proxy, proxy settings Open 1 set -2 -3 -4 LAN Settings to open the proxy settings Advanced -6 -5 socket: Fill hostA settings
   

7. connection succeeded