SSHenanigans ============= SSHenanigans! More than just a resteraunt with goofy shit on the wall and mozerella sticks. --- # Overview * SSH Tunnels * Local forwards * Remote forwards * Dynamic Forwards * VPN aka the redheaded stepchild * Tips n tricks > Realistically we only have 5 minutes so get with me after if something needs a bit more clarification > Call bullshit if you hear bullshit and otherwise mock me --- Host * ServerAliveInterval 30 ServerAliveCountmax 5 LogLevel QUIET IdentityFile ~/.ssh/zwned Compression yes User zwned ControlMaster auto ControlPath ~/.ssh/controlsocks/%h_%p Host VanHalen HostName 3.4.5.6 Port 443 Host farmhouse HostName 1.2.3.4 ProxyCommand ssh VanHalen -W %h:%p LocalForward 3333 127.0.0.1:3333 Host LetsGetPhysical HostName 5.4.3.2 ProxyCommand ssh VanHalen -W %h:%p DynamicForward 1080 ReverseForward 42022 127.0.0.1:22 --- # Local Forwards Grab remote services down to your local machine > You're SSHd to a host with a database and you want to run your cool database app against the remote servers database ```bash ssh -L local_ip:local_port:destination_ip:destination_port example.com ``` Examples: ```bash ssh -L 0.0.0.0:5433:127.0.0.1:5432 example.com ssh -L 1433:1.2.3.4:1433 example.com ssh -L 192.168.1.37:8443:127.0.0.1:443 example.com ``` --- # Remote Forwards Shovel local services to your remote machines > You deploy a network dropbox and you want to ensure a remote host can ssh into the protected network ```bash ssh -R local_ip:local_port:destination_ip:destination_port example.com ``` Examples: ```bash ssh -R 22:127.0.0.1:42022 example.com ssh -R 1.2.3.4:443:0.0.0.0:443 example.com ``` --- # Dynamic Forwards Create dynamic connections initiated from the remote host > You want to watch BBC4 but you dont live in the UK ```bash ssh –D local_port ``` Example: ```bash ssh -D 8080 ``` --- # VPN Sit on the same network as the remote machine > Trying to perform **limited** layer 2 attacks against remote resources ```bash ssh -w local_tuntap_number:remote_tuntap_number example.com ``` * see: https://help.ubuntu.com/community/SSH_VPN --- # Tips n Trix * Tunnels in tunnels in tunnels in tunnels * ControlMaster * rc files * authorized_keys * ssh config --- # Tunelception We need to go deeper: * ProxyCommand (OG) ```bash ssh -o ProxyCommand="ssh -W %h:%p jump_server" final_destination ``` * ProxyJump (NKOTB) ```bash ssh -J jump_server final_destination ssh -J jump_server1,jump_server2,jump_serverN final_destination ``` --- # References * https://github.com/ivantsepp/ssh-slides