ssh forwarding

Reference

• SSH Tunneling: Examples, Command, Server Config
  • https://www.ssh.com/academy/ssh/tunneling-example
• SSH Port forwarding
  • https://podalirius.net/en/articles/ssh-port-forwarding/
• SSH Port Forwarding 이해하기 (해커의 관점에서의 이론)
  • https://itsaessak.tistory.com/171
• Create your own Virtual Private Network for SSH with Putty
  • https://www.filecloud.com/blog/create-your-own-virtual-private-network-for-ssh-with-putty/
• How to Remote Access IoT SSH over the Internet
  • https://www.socketxp.com/iot/remote-access-iot-ssh-over-the-internet/
• 150. [SSH, Network] SSH 포트 포워딩(SSH 터널링)의 개념 및 사용 방법
  • https://blog.naver.com/PostView.naver?blogId=alice_k106&logNo=221364560794
  • https://blog.naver.com/alice_k106/221364560794
• 서버에서 원격시스템 접근
  • https://system-monitoring.readthedocs.io/en/latest/ssh.html
• SSH 리버스 터널링 접속하기
  • https://modera.tistory.com/149
• reverse-ssh-port-forwarding
  • https://toic.org/blog/2009/reverse-ssh-port-forwarding/
• SSH tunnel as systemd service
  • https://ivanmorenoj.medium.com/ssh-tunnel-as-systemd-service-3c53bd157ac1

Example

• Client Side (Target to connect)

wom@nesfr7-01:~$ ssh -R 8585:localhost:22 -i aws_us_west_1.pem ubuntu@54.193.231.0
Welcome to Ubuntu 20.04.6 LTS (GNU/Linux 5.15.0-1033-aws x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Tue May  2 08:42:36 UTC 2023

  System load:  0.0                Processes:             101
  Usage of /:   10.5% of 15.32GB   Users logged in:       1
  Memory usage: 9%                 IPv4 address for eth0: 172.31.13.19
  Swap usage:   0%


 * Introducing Expanded Security Maintenance for Applications.
   Receive updates to over 25,000 software packages with your
   Ubuntu Pro subscription. Free for personal use.

     https://ubuntu.com/aws/pro

Expanded Security Maintenance for Applications is not enabled.

0 updates can be applied immediately.

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status


The list of available updates is more than a week old.
To check for new updates run: sudo apt update
New release '22.04.2 LTS' available.
Run 'do-release-upgrade' to upgrade to it.


Last login: Tue May  2 08:33:37 2023 from 221.150.237.133
ubuntu@ip-172-31-13-19:~$

• Proxy Server Side

ubuntu@ip-172-31-13-19:~$ ssh wom@localhost -p 8585
wom@localhost's password: 
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.10.104-tegra aarch64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

 * Introducing Expanded Security Maintenance for Applications.
   Receive updates to over 25,000 software packages with your
   Ubuntu Pro subscription. Free for personal use.

     https://ubuntu.com/pro

314 updates can be applied immediately.
238 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable

Last login: Tue May  2 17:34:14 2023 from 192.168.0.13
wom@nesfr7-01:~$

Management from Server

• Port Check
  • • https://superuser.com/questions/127863/manually-closing-a-port-from-commandline

$ sudo netstat -ap | grep 8587
tcp        0      0 localhost:8587          0.0.0.0:*               LISTEN      1287/sshd: ubuntu   
tcp6       0      0 ip6-localhost:8587      [::]:*                  LISTEN      1287/sshd: ubuntu 

• Kill Session from Server
  • If a previous client connection is not closed properly, the process server-side continues to occupy the port. In such case, we should kill the process from the server

  Jun 12 00:53:29 ip-172-31-13-19 sshd[1323]: Accepted publickey for ubuntu from 221.150.237.133 port 59524 ssh2: RSA 
  SHA256:QPGRt0lJzMsgd+mtkQvuIzFl+bLT32PINYyq2O29dRI
  Jun 12 00:53:29 ip-172-31-13-19 sshd[1323]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
  Jun 12 00:53:29 ip-172-31-13-19 systemd[1]: Started Session 6 of user ubuntu.
  Jun 12 00:53:29 ip-172-31-13-19 systemd-logind[487]: New session 6 of user ubuntu.
  Jun 12 00:53:29 ip-172-31-13-19 sshd[1396]: error: bind [127.0.0.1]:8587: Address already in use
  Jun 12 00:53:29 ip-172-31-13-19 sshd[1396]: error: channel_setup_fwd_listener_tcpip: cannot listen to port: 8587
  Jun 12 00:53:29 ip-172-31-13-19 sshd[1323]: pam_unix(sshd:session): session closed for user ubuntu
  Jun 12 00:53:29 ip-172-31-13-19 systemd-logind[487]: Session 6 logged out. Waiting for processes to exit.
  Jun 12 00:53:29 ip-172-31-13-19 systemd[1]: session-6.scope: Succeeded.
  Jun 12 00:53:29 ip-172-31-13-19 systemd-logind[487]: Removed session 6.
  

$ ps -aux | grep sshd
root         655  0.0  0.3  12184  7400 ?        Ss   Jun11   0:00 sshd: /usr/sbin/sshd -D -o AuthorizedKeysCommand /usr/share/ec2-instance-connect/eic_run_authorized_keys %u %f -o AuthorizedKeysCommandUser ec2-instance-connect [listener] 0 of 10-100 startups
root         840  0.0  0.4  13800  9020 ?        Ss   00:01   0:00 sshd: ubuntu [priv]
ubuntu       942  0.0  0.3  13932  6236 ?        S    00:01   0:00 sshd: ubuntu@pts/0
root        1214  0.0  0.4  13808  9032 ?        Ss   00:45   0:00 sshd: ubuntu [priv]
ubuntu      1287  0.0  0.2  13940  5420 ?        S    00:45   0:00 sshd: ubuntu             <- ssh-forwarding process 
ubuntu      1298  0.0  0.1   8168  2548 pts/1    S+   00:48   0:00 grep --color=auto sshd

kill -9 1287