@zwned
Last active October 7, 2022 15:50
SSHenanigans.md

SSHenanigans

SSHenanigans! More than just a restaurant with goofy shit on the wall and mozzarella sticks.


Overview

  • SSH Tunnels
    • Local forwards
    • Remote forwards
    • Dynamic Forwards
    • VPN aka the redheaded stepchild
  • Tips n tricks

Realistically we only have 5 minutes, so get with me after if something needs a bit more clarification. Call bullshit if you hear bullshit and otherwise mock me.


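# Defaults for every host: keepalives, key, and connection sharing
Host *
    ServerAliveInterval 30
    ServerAliveCountMax 5
    LogLevel QUIET
    IdentityFile ~/.ssh/zwned
    Compression yes
    User zwned
    ControlMaster auto
    ControlPath ~/.ssh/controlsocks/%h_%p

# Jump host, sshd listening on 443
Host VanHalen
    HostName 3.4.5.6
    Port 443

# Reached through VanHalen, with a local forward
Host farmhouse
    HostName 1.2.3.4
    ProxyCommand ssh VanHalen -W %h:%p
    LocalForward 3333 127.0.0.1:3333

# Reached through VanHalen, with a SOCKS proxy and a remote forward
Host LetsGetPhysical
    HostName 5.4.3.2
    ProxyCommand ssh VanHalen -W %h:%p
    DynamicForward 1080
    # Port 42022 on the remote side leads back to the local sshd on 22
    RemoteForward 42022 127.0.0.1:22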


Local Forwards

Grab remote services down to your local machine

You're SSH'd to a host with a database and you want to run your cool database app against the remote server's database

ssh -L local_ip:local_port:destination_ip:destination_port example.com

Examples:

ssh -L 0.0.0.0:5433:127.0.0.1:5432 example.com
ssh -L 1433:1.2.3.4:1433 example.com
ssh -L 192.168.1.37:8443:127.0.0.1:443 example.com

Remote Forwards

Shovel local services to your remote machines

You deploy a network dropbox and you want to ensure a remote host can ssh into the protected network

ssh -R remote_ip:remote_port:destination_ip:destination_port example.com

Examples:

ssh -R 42022:127.0.0.1:22 example.com
ssh -R 1.2.3.4:443:0.0.0.0:443 example.com

Dynamic Forwards

Create dynamic connections initiated from the remote host

You want to watch BBC4 but you don't live in the UK

ssh -D local_port example.com

Example:

ssh -D 8080 example.com
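
The optional first field of a forward spec decides which interface the listener binds to, and so who else can reach the tunnel. The function below is an added example, not part of the original gist: `fwd_bind` is a hypothetical helper name, and it assumes IPv4 addresses or hostnames only.

```sh
#!/bin/sh
# Added example: report where an ssh -L / -R / -D listener would bind.
# fwd_bind is a hypothetical helper name, not an ssh feature.
# Assumes IPv4 addresses or hostnames (no bracketed IPv6, no Unix sockets).
# Prints: loopback | all-interfaces | address:<addr> | invalid
fwd_bind() {
    flag=$1 spec=$2
    # Spec shapes from ssh(1): -L/-R take [bind_address:]port:host:hostport,
    # -D takes [bind_address:]port.
    case $flag in
        L|R) with_bind='*:*:*:*' no_bind='*:*:*' too_many='*:*:*:*:*' ;;
        D)   with_bind='*:*'     no_bind='*'     too_many='*:*:*' ;;
        *)   echo invalid; return 1 ;;
    esac
    # Patterns are left unquoted so case treats them as globs.
    case $spec in
        ''|$too_many) echo invalid; return 1 ;;
        $with_bind)   addr=${spec%%:*} ;;
        $no_bind)     echo loopback; return 0 ;;  # default with GatewayPorts no
        *)            echo invalid; return 1 ;;
    esac
    case $addr in
        localhost|127.0.0.1) echo loopback ;;
        ''|'*'|0.0.0.0)      echo all-interfaces ;;  # reachable by other hosts
        *)                   echo "address:$addr" ;;
    esac
}

# Forward specs from the examples on this page, plus one constructed one.
for item in \
    "L 0.0.0.0:5433:127.0.0.1:5432" \
    "L 1433:1.2.3.4:1433" \
    "L 192.168.1.37:8443:127.0.0.1:443" \
    "R 1.2.3.4:443:0.0.0.0:443" \
    "D 8080" \
    "D *:1080"
do
    printf '%s %-32s %s\n' "-${item%% *}" "${item#* }" \
        "$(fwd_bind "${item%% *}" "${item#* }")"
done
```

For -R the result is what the client requests; the server only honours a non-loopback bind when its sshd GatewayPorts setting allows it.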

VPN

Sit on the same network as the remote machine

Trying to perform limited layer 2 attacks against remote resources

ssh -w local_tuntap_number:remote_tuntap_number example.com

Tips n Trix

  • Tunnels in tunnels in tunnels in tunnels
  • ControlMaster
  • rc files
  • authorized_keys
  • ssh config

Tunnelception

We need to go deeper:

  • ProxyCommand (OG)
    ssh -o ProxyCommand="ssh -W %h:%p jump_server" final_destination
  • ProxyJump (NKOTB)
    ssh -J jump_server final_destination
    ssh -J jump_server1,jump_server2,jump_serverN final_destination
