How To Share A SSH Tunnel In A Network Using A Router?

Written by gigmocha in Uncategorized

How To Share A SSH Tunnel In A Network Using A Router?

How To Share A SSH Tunnel In A Network Using A Router?

An SSH tunnel is a connection between 2 applications running on the same machine. The idea is straightforward. We have one application, “A,” that needs to connect to another application, “B”. This second application might be located on the internet or even behind a firewall. So it could be impossible for the first application to reach it directly. 

But since both are running on the same machine, we can do something about this situation by using ssh without exposing port 22 (the default listening port of ssh) directly to the world. Another advantage of this approach is that if our Linux distribution comes with the default configuration where the root user has its password set, creating an SSL tunnel will require root privileges.

SSH Tunnel involves an SSH client forwarding a connection to a port on the local machine to a specified host and a port on the remote side. 

Working of SSH Tunnel

SSH Tunnel or tunnel can work in an active mode where the program listens at the local end and in server mode where a program listens for incoming connections on the remote side. In its default mode, when acting as a tunnel, ssh tunnels TCP ports. The local side opens a port. The remote side connects to it.

Data sent through this connection from one machine goes out from the other. This mechanism provides a basic level of security since an attacker must have access to the machines on both ends of the connection to intercept data going through it. This type of tunneling is helpful for people who need to securely connect two LAN segments that don’t have a trust relationship.

Sharing of SSH Tunnel

SSH Tunnel has built-in support for sharing an established connection. It is to avoid re-establish the link every time something needs tunneling through it. This is known as SSH tunnel forwarding, and with this type of “port forwarding,” there are two possible scenarios:

Forwarding TCP Ports: Here, we use Local or Remote forwarding.

Forwarding Local Sockets: We use Local or Remote forwarding with -L and -R options.

Sharing SSH Tunnel Using Router

One possible solution to our problem is using SSH Tunnel and creating a shared connection between the Linux machine and its router or modem.

This way, we can connect to that port from any other device in the same network and share the tunnel. To do that, we should configure sshd on Linux to listen on another port than 22, like, for example, 2222. Then we can configure a router to forward traffic coming from port 2222 to the Linux box, which has sshd listening on port 22.

One possible drawback of this solution is that someone gets access to our router or modem, has ssh access through the tunnel, and has access to any other application running in our local network.

The ssh client also allows us to use the “-w:” command-line option, which requests a TCP forwarding port allocation on the local machine (2222 in this example). It then forwards any data that arrives at this local port to the given destination address using the given TCP port on the remote machine.

The “-N” option is used not to execute any remote commands but still log in (by simulating a normal login shell)

Configure Server-Side

  • On the server-side (/etc/ssh/sshd_config):
  • ## 2222 is ssh default port for non SSL
  • Port 22
  • ##Listen port 2222 and forward to ssh default port on another system
  • #ListenAddress 0.0.0.0
  • ListenAddress 192.168.1.100:2222
  • Then restart sshd: service sshd restart or /etc/init.d/sshd restart
  • Testing the connection: we will use the “socat” tool to create a tunnel from remote host port 8080 to our machine’s 2222 port.
  • socat TCP4-LISTEN:8080,fork SOCKS4A:localhost:2222,socksport=9050
  • Testing localhost on port 8080 through the SSH tunnel on port 2222
  • ssh -N -w 0:localhost:2222 user@192.168.1.100
  • telnet localhost 8080
  • Now, if we go to our router FTP interface or web interface, we can’t see the file which is downloaded through the tunnel running on port 2222

Configure Client Side

In the remote system, localhost:2222 is used as a SOCKS proxy to reach the internal network.

To set this up, just leave out the “User” option in the ssh command line. SSH tunnel will be established without asking for a password, and your connection becomes encrypted automatically. Then configure your applications to use that host as a SOCKS proxy.

#ssh -fN -w 0:localhost:2222 192.168.1.100

On the client-side, it needs to know where our router or modem is. In this case, we can use the “dig” command to resolve DNS names and get the IP address of the target system, which we should connect through an SSH tunnel

Forward port 8080 on the remote host with IP 192.168.1.100  to local machine port 2222:

ssh -L 8080:192.168.1.:2222 root@192.168\.1\.100

telnet 127 .0 .0 .1 8080

telnet localhost 2224

The ssh tunnel is created. Now you can check that using SSH proxychains or socat tools etc. You will be able to use the remote FTP/HTTP Server through this VPN Tunnel without any problems.

This method can also be used for other protocols like VNC, SMB, HTTP, HTTPS, POP3, etc.

Configure Client Machine 

For Windows:

You need a putty tool and configure in your session that localhost:2222 should be used as a SOCKS proxy and then connect it to the remote host through SSH. Or we can use the “Puttygen” tool to generate the private key and public key certificate. 

Then we need to add both keys into Putty configuration (Connection->SSH->Auth).

After all these steps, we will use the remote FTP, HTTP, and SMB server through the SSH tunnel without any issues. Just make sure you can access your router or modem web interface using HTTPS (SSL).

Configure Windows

It is better to add a new machine (not in domain or workgroup)  to the network and then to the “Trusted Hosts” list in our windows7 firewall GPO. Then when we try to connect, the following error message will appear:

The VPN connection is terminated locally by the client. The cause of this problem might be that the security software installed on this computer blocks the forwarding of private ports that there are no routes for.

We just need to establish an SSH connection with the tunneling option activated the first time, so the “trusted hosts” entry will permanently be added to the windows firewall. We can also use this method to access several network resources through SSH Tunnel like ssh port forwarding mode. For example, to Access Windows 7 shared folders through SSH tunnel:

ssh -L 1526 :10.3.0.14:445 user1@localhost -p 2222  -v

This command forwards Windows 2008 R2 server smb share named D$ using port 15, 26.

Conclusion

SSH Tunnel works by allocating a socket to listen to traffic on the local side. It is then connected from the remote machine over existing SSH connections. This creates what appears as a standard network socket connection. The program listening at the local end of this “tunnel” is often called SSH Tunnel or just a tunnel.

Recent Posts