Understanding of SSH Tunneling




Today’s Tutorial will teach you how ssh Tunnels work. This is not a Hacking Tutorial ( but you can use the Knowledge you will have for hacking : make socks proxy or stay on a target machine with reverse ssh). SSH Tunnelling will help you to access services behind a Nat or a Firewall.

Well, it’s time to talk about SSH

What is ssh ?

Here what is ssh ( thank to our good friend Wikipedia )

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.The best known example application is for remote login to computer systems by users.

SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2.

SSH help you secure your connection between two host. This is a really good protocol if you want to avoid man in the middle attack !

How to connect to a machine behind NAT / Firewall

Here a little network diagram

The server block ssh connection so you won’t be able to acces your the server from home.
What we will learn is to do a reverse ssh Connection, the server will connect to a public server and then you will be able to ssh to the server

Here are the step to connect to the server who is behind a firewall :

  • forward the port 22 of the E-CorpServer to the port 1234 of your server
  • Connect to your server from home
  • Connect to the E-CorpServer from your server

The E-CorpServer will connect to your server through ssh and do a remote port forwarding
E-CorpServer -> hackerserver:22
then Forward port 22 to hackerserver:1234

Your home machine will connect to hackserver

home -> hackserver:22
and then
hackserver -> localhost:1234

Accessing the internal Web Server of E-Corp

Here the story :

You have succefully get a root shell on the E-CorpServer, you use the reverse ssh to be able to connect from home but you want to acces the web internal web page from your browser

Here what you should do :

  • forward the port 8080 of the E-CorpServer to the port 8080 of your server
  • forward your local port 80 to the remote port 8080 of your server

And you will be able to browse their internal web server : )

Hope You understand how ssh tunneling work !

About the Nebula Serie

Here a poll for you to decide if I stop the nebula serie or if I do something else

  • Stop the Nebula series
  • The Series is good ! I want more tutorial
  • We want Tutorial on android Malware !

0 voters

See you for my Next tutorial ! : )

(The C# Dude) #2

Sadly there isn’t a choice for the Nebula and Android malware series :smile:.


Thanks, didn’t really understand ssh so this helps a bunch! Also loved the Mr. Robot references. Nice job!

(Command-Line Ninja) #4

When we make a Linux category, do you think this would belong there?


Yes we can put this tutorial in the linux Category

Introducing the New Linux Categories
(system) #6

This topic was automatically closed after 30 days. New replies are no longer allowed.