Tuesday, December 30, 2014

Let's build a tunnel.



Ever want to access your own site with a bit of privacy? Tunnelling can be a way to do that. It does require a user account on the machine that will act as the host. Normally, when you look at a web site, you type its usual URL, something.something.sitetype. In this case we are just going to use the host oeorgan1. But what we would like to do is encrypt the connection between the two machines.


One traditional way to do it is with the secure shell (SSH); from Windows you could use a program called PuTTY instead. Here is the synopsis from the ssh man page, followed by the simplest version we need:


ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
[-D port] [-e escape_char] [-F configfile] [-i identity_file] [-L
[bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port] [-R
[bind_address:]port:host:hostport] [-S ctl_path] [user@]hostname
[command]

 $ sudo ssh  -L 80:localhost:80 eddie@oeorgan1

But if we run it like this it also opens a shell prompt on oeorgan1, which I do not want.



Adding -N (no remote command) still lets us in, but no command prompt is generated; ssh only sets up the forward. The sudo is needed only because the local end binds port 80, a privileged port; forwarding from a high port instead (-L 8080:localhost:80, then browse to localhost:8080) avoids running ssh as root.


What we have done is make port 80 on our own machine behave as if it were port 80 on the other computer: ssh listens locally and carries each connection over the encrypted session to oeorgan1, where it is delivered to localhost:80 (the localhost in the -L argument is resolved on the remote side). So now if we use http://localhost as the URL in the browser it shows the web page of the system we are connected to.


Traffic to that port is now encrypted between the two machines. Only the forwarded port goes through the tunnel, so you can still go to other websites as usual; they are not tunnelled (if you want all browser traffic to go via the host, that is what the -D SOCKS option in the synopsis is for).


When we are done we can terminate the connection with Ctrl-C.


If we then reload localhost in the browser, our own machine's normal page (rather than oeorgan1's) should come up, since the tunnel is gone.
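As an added example (not part of the original post), here is a small shell script that does the same local forward without sudo and without leaving a shell open, using the -M/-S control socket from the synopsis so the tunnel can be closed cleanly, and that checks the one thing worth checking afterwards: that the new listener is bound to 127.0.0.1 only, not to every interface. The host name oeorgan1 and login eddie are taken from the post; the local port 8080 and the socket path are choices made here; the `ss -ltn` lines it inspects are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not from the original post.  Local port forward to the web
# server on oeorgan1 without sudo, backgrounded, with a loopback-only check.
# Assumed names: login eddie@oeorgan1, local port 8080 (unprivileged).

REMOTE="${REMOTE:-eddie@oeorgan1}"
LOCAL_PORT="${LOCAL_PORT:-8080}"
# Control socket (-M/-S from the synopsis) so the tunnel can be stopped
# cleanly later with `ssh -O exit` instead of hunting for the process.
CTL_SOCK="${CTL_SOCK:-$HOME/.ssh/tunnel-%r@%h:%p}"

# Print the command that opens the tunnel:
#  -N   no remote command (no shell prompt on oeorgan1)
#  -f   go to the background once the forward is established
#  -o ExitOnForwardFailure=yes   fail instead of silently running without it
#  -L 127.0.0.1:PORT:localhost:80   listen on loopback only; "localhost" is
#       resolved on the remote side, i.e. it is oeorgan1's own web server
build_local_forward() {
    printf 'ssh -M -S %s -N -f -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:80 %s\n' \
        "$CTL_SOCK" "$LOCAL_PORT" "$REMOTE"
}

# Print the command that tears the tunnel down again (replaces Ctrl-C).
build_teardown() {
    printf 'ssh -S %s -O exit %s\n' "$CTL_SOCK" "$REMOTE"
}

# Read `ss -ltn` (or `netstat -ltn`) output on stdin and check every
# listener on PORT.  Exit status: 0 = all on 127.0.0.1 or [::1],
# 1 = at least one on a wildcard or LAN address, 2 = no listener on PORT.
listener_is_loopback_only() {
    port="$1"; found=0; bad=0
    while read -r line; do
        case "$line" in *LISTEN*) ;; *) continue ;; esac
        addr=$(printf '%s\n' "$line" | awk '{print $4}')   # Local Address:Port
        case "$addr" in *:"$port") ;; *) continue ;; esac
        found=1
        case "$addr" in 127.0.0.1:*|"[::1]:"*) ;; *) bad=1 ;; esac
    done
    [ "$found" -eq 1 ] || return 2
    [ "$bad" -eq 0 ]
}

# Constructed `ss -ltn` sample (not from a real host): port 8080 is on
# loopback (good), port 9090 is on 0.0.0.0 (reachable from the LAN).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:8080      0.0.0.0:*
LISTEN 0      128    [::1]:8080          [::]:*
LISTEN 0      128    0.0.0.0:9090        0.0.0.0:*'

# Run the check against the constructed sample for one port.
check_sample() {
    printf '%s\n' "$SAMPLE_SS" | listener_is_loopback_only "$1"
}

# Stand-alone run: show the commands and the check results.  Nothing here
# connects anywhere; copy the printed command to open the real tunnel, then
# pipe `ss -ltn` into listener_is_loopback_only 8080.
echo "open:  $(build_local_forward)"
echo "close: $(build_teardown)"
for p in 8080 9090 7070; do
    check_sample "$p" && rc=0 || rc=$?
    echo "port $p: status $rc (0 loopback only, 1 exposed, 2 not listening)"
done
```

A status of 1 on a live system means the forward was bound to a wildcard address (a bind_address of * or the client-side GatewayPorts option), which turns your private tunnel into a relay that anyone on the LAN can use to reach oeorgan1's web server through your machine.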


-------------------------------------------------------------------------------
Reverse SSH Tunneling

Have you ever wanted to ssh to your Linux box that sits behind NAT? You can with reverse SSH tunneling. This section shows step by step how to set it up; it should work fine with Unix-like systems.

Let's assume that Destination's IP is 192.168.20.55 (the Linux box behind NAT that you want to access) and that you want to reach it from a Linux client, Source, with the public IP 138.47.99.99:

Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99)

1. SSH from the destination to the source (the one with the public IP) using the command below:

$ ssh -R 19999:localhost:22 sourceuser@138.47.99.99

* port 19999 can be any unused port.

2. Now you can SSH from source to destination through the SSH tunnel:

$ ssh localhost -p 19999

3. 3rd party servers can also reach 192.168.20.55, by going through Source (138.47.99.99), the only machine that can see port 19999:

Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99) <- Bob's server

3.1 From Bob's server:

$ ssh sourceuser@138.47.99.99

3.2 After the successful login to Source:

$ ssh localhost -p 19999

* The connection between destination and source must stay alive the whole time: port 19999 on Source exists only as long as the ssh session from step 1 does.

Tip: you may run a command (e.g. watch, top) on Destination to keep the connection active. A cleaner way is to let ssh send its own keepalives with the ServerAliveInterval option (and use -N, since no shell is needed), so the session does not idle out and a dead link is noticed.

Note what step 3 means in security terms: the reverse tunnel is a deliberate hole through the NAT, and anyone who can log in to Source can now reach sshd on the NATed box via localhost:19999. Source's user accounts are therefore the trust boundary for the NATed box, so use key authentication there and keep the forwarded port on Source's loopback (the default, unless sshd's GatewayPorts is set to yes).
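As an added example (not from the original post), here is a shell script for the NATed box that keeps the reverse tunnel alive with ssh's own keepalives and re-dials when it drops, plus a helper that reads Source's sshd_config and reports the effective GatewayPorts value, which decides whether port 19999 is reachable only from Source's loopback or from Source's whole network. The names sourceuser, 138.47.99.99 and 19999 are the ones from the text; the sshd_config fragments are constructed for the example, not taken from a real host.

```shell
#!/bin/sh
# Added example, not from the original post.  Reverse tunnel from the NATed
# box (Destination) to Source, kept alive by ssh keepalives, plus a check of
# Source's sshd_config for GatewayPorts.
# Assumed names: login sourceuser@138.47.99.99, remote port 19999.

SOURCE="${SOURCE:-sourceuser@138.47.99.99}"
REMOTE_PORT="${REMOTE_PORT:-19999}"

# -N                       no remote command; the session exists only for -R
# ServerAliveInterval=30   send a keepalive every 30 s through the session
# ServerAliveCountMax=3    give up after 3 unanswered ones (ssh exits, so a
#                          dead tunnel is noticed instead of hanging forever)
# ExitOnForwardFailure=yes exit if port 19999 on Source is already taken
SSH_OPTS="-N -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes"

# Print the command for step 1 (run on Destination).
build_reverse_forward() {
    printf 'ssh %s -R %s:localhost:22 %s\n' "$SSH_OPTS" "$REMOTE_PORT" "$SOURCE"
}

# Re-dial whenever ssh exits, so the hole through the NAT comes back after a
# network hiccup.  Run on Destination, e.g. from a tmux window or a service.
keep_reverse_tunnel() {
    while :; do
        # shellcheck disable=SC2086  # SSH_OPTS is meant to word-split
        ssh $SSH_OPTS -R "$REMOTE_PORT:localhost:22" "$SOURCE"
        echo "tunnel to $SOURCE exited, retrying in 10 s" >&2
        sleep 10
    done
}

# Read an sshd_config on stdin and print the effective global GatewayPorts
# value.  Per sshd_config(5): "no" (the default) forces remote forwards onto
# Source's loopback, "yes" forces them onto the wildcard address (port 19999
# becomes reachable from Source's whole network), "clientspecified" lets the
# -R bind_address decide.  sshd keeps the first occurrence of a keyword, and
# anything after the first Match block is conditional, so the scan stops
# there.  Only the "Keyword value" form is handled, not "Keyword=value".
gateway_ports_setting() {
    value=""
    while read -r key rest; do
        case "$key" in ''|'#'*) continue ;; esac
        lkey=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        [ "$lkey" = "match" ] && break
        if [ "$lkey" = "gatewayports" ] && [ -z "$value" ]; then
            # first word of the rest, lower-cased; drops a trailing comment
            value=$(printf '%s' "$rest" | awk '{print tolower($1)}')
        fi
    done
    printf '%s\n' "${value:-no}"
}

# Constructed sshd_config fragments (not from a real host).
CFG_DEFAULT='Port 22
PermitRootLogin no
#GatewayPorts no'
CFG_EXPOSED='Port 22
GatewayPorts yes   # every -R port is network-reachable
Match User backup
    GatewayPorts no'
CFG_CLIENT='gatewayports ClientSpecified'

# Evaluate one of the fragments above (or any config text passed in).
setting_for() {
    printf '%s\n' "$1" | gateway_ports_setting
}

echo "step 1 on Destination: $(build_reverse_forward)"
echo "default config -> GatewayPorts $(setting_for "$CFG_DEFAULT")"
echo "exposed config -> GatewayPorts $(setting_for "$CFG_EXPOSED")"
echo "client  config -> GatewayPorts $(setting_for "$CFG_CLIENT")"
```

On Source, `gateway_ports_setting < /etc/ssh/sshd_config` tells you whether 19999 stays on loopback; with yes, the NATed box's sshd is reachable from every network Source sits on, which is rarely what you intend when you open the tunnel.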

Typical session (typo1, at 192.168.0.100, is the box we want to reach, i.e. Destination; oelt02, at 192.168.1.126, plays Source; here both machines are on private networks):

Typo1
-----------------------------------------------------------

          inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::210:5aff:fe19:fd88/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
          RX packets:858 errors:0 dropped:0 overruns:0 frame:0
          TX packets:750 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:387860 (378.7 KiB)  TX bytes:99206 (96.8 KiB)
          Interrupt:9 Base address:0x4800

eddie@typo1:~$ ssh -R 19999:localhost:22 eddie@192.168.1.126
eddie@192.168.1.126's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-43-generic i686)

 * Documentation:  https://help.ubuntu.com/

No mail.
Last login: Tue Dec 30 21:01:52 2014 from dsl
eddie@oelt02:~$

 oelt02:
------------------------------------------------------------
$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.1.126  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1200  Metric:1
          RX packets:19375 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17998 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7997509 (7.9 MB)  TX bytes:4431653 (4.4 MB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:129 errors:0 dropped:0 overruns:0 frame:0
          TX packets:129 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:18101 (18.1 KB)  TX bytes:18101 (18.1 KB)

eddie@oelt02:~$ ssh localhost -p 19999
eddie@localhost's password:
Linux typo1 3.2.0-4-686-pae #1 SMP Debian 3.2.63-2+deb7u2 i686

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.
Last login: Tue Dec 30 03:16:31 2014


eddie@typo1:~$

