SSH tunneling
What is SSH tunneling?
SSH tunneling (also referred to as SSH port forwarding) is simply routing local network traffic through SSH to remote hosts. This means the connections carried through the tunnel are encrypted. It provides an easy way of setting up a basic VPN (Virtual Private Network), useful for connecting to private networks over insecure public networks like the Internet.
It may also be used to expose local servers behind NATs and firewalls to the Internet over secure tunnels, as implemented in ngrok.
SSH sessions permit tunneling network connections by default and there are three types of SSH port forwarding: local, remote and dynamic port forwarding.
How to use SSH tunneling
Remote port forwarding allows you to connect from your remote machine to the local computer. By default, SSH does not permit remote port forwarding. You can enable this using the GatewayPorts directive in your sshd main configuration file, /etc/ssh/sshd_config, on the remote host.
Open the file for editing using your favorite command line editor.
Look for the required directive, uncomment it and set its value to yes.
Save the changes and exit. Next, you need to restart sshd to apply the recent change you made.
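The edit described above can also be scripted. The following is an added example, not part of the original page; the function names and the sample config are constructed for illustration. Keep in mind that GatewayPorts yes binds remote forwards to all interfaces of the server, so every host that can reach the server can reach the forwarded port, while the value clientspecified lets the client choose the bind address instead.

```shell
#!/bin/sh
# Added example, not from the original page. Sample config is constructed.

# Print the effective global GatewayPorts value of an sshd_config file.
# sshd keeps the first value it reads for a keyword; unset means "no".
# Simplification: only the global section is read, Match blocks are skipped.
gateway_ports_value() {
    awk '{ sub(/=/, " ") }
         tolower($1) == "match" { exit }
         tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }' "$1"
}

# Set GatewayPorts globally: reuse the first (possibly commented-out)
# directive, drop later global duplicates, leave Match blocks untouched.
set_gateway_ports() {
    case $2 in
        yes|no|clientspecified) ;;
        *) echo "invalid GatewayPorts value: $2" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    awk -v v="$2" '
        tolower($1) == "match" { if (!done) print "GatewayPorts " v; done = inmatch = 1 }
        !inmatch && tolower($0) ~ /^[ \t]*#?gatewayports([ \t=]|$)/ {
            if (!done) print "GatewayPorts " v
            done = 1; next
        }
        { print }
        END { if (!done) print "GatewayPorts " v }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the file mode and owner
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Run both functions on a constructed config resembling a stock sshd_config.
demo() {
    cfg=$(mktemp) || return 1
    printf '%s\n' 'Port 22' '#GatewayPorts no' \
        'Match User backup' '    GatewayPorts no' > "$cfg"
    echo "before: $(gateway_ports_value "$cfg")"
    set_gateway_ports "$cfg" yes
    echo "after:  $(gateway_ports_value "$cfg")"
    rm -f "$cfg"
}
demo
```

On the real host, back up /etc/ssh/sshd_config first and validate the edited file with `sshd -t` before restarting the daemon.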
Doing the real work
Let's say, for example, we have 2 machines:
Machine A (native machine with macOS)
Machine B (virtual machine with Kali Linux and the SSH service)
Local port forwarding
Local port forwarding allows you to forward traffic on a port of your local computer (A) to the SSH server (B), which is forwarded to a destination server (all other computers that can reach computer A).
In short: service on VM --> native PC, access on native PC.
Your local computer will hold the content of a specific service of your SSH server, bound by port (public services are also possible). For example, a web server on sshServer:80 can be forwarded to currentComputer:1-65535.
Remote port forwarding
Remote port forwarding is the exact opposite of local port forwarding. It forwards traffic coming to a port on your server (A) to your local computer (B), and then it is sent to a destination (all other computers that can reach computer A).
In short: service on native PC --> VM, access on VM.
Your SSH server will hold the content of a specific service of your local computer (public services are also possible), bound by port. For example, a web server on currentComputer:80 can be forwarded to sshServer:1-65535.