# HG changeset patch # User Oleksandr Gavenko # Date 1328797776 -7200 # Node ID 70c6a3153bc76d3ce62e2be1e43b6b32d19848c3 # Parent 714121bcb5ef51d318afc10a8d519f6347f24f73 Move "Reverse SSH Tunneling." diff -r 714121bcb5ef -r 70c6a3153bc7 port.rst --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/port.rst Thu Feb 09 16:29:36 2012 +0200 @@ -0,0 +1,147 @@ +.. -*- coding: utf-8; -*- + +=============== + Network port. +=============== + +Port forwarding. +================ +:: + + $ ssh -L 8888:www.linuxhorizon.ro:80 user@computer -N + $ ssh -L 8888:www.linuxhorizon.ro:80 -L 110:mail.linuxhorizon.ro:110 \ + 25:mail.linuxhorizon.ro:25 user@computer -N + +The second example (see above) show you how to setup your ssh tunnel for web, pop3 +and smtp. It is useful to recive/send your e-mails when you don't have direct access +to the mail server. + +For the ASCII art and lynx browser fans here is illustrated the first example:: + + +----------+<--port 22-->+----------+<--port 80-->o-----------+ + |SSH Client|-------------|ssh_server|-------------| host | + +----------+ +----------+ o-----------+ + localhost:8888 computer www.linuxhorizon.ro:80 + +Reverse SSH Tunneling. +====================== + +Have you ever wanted to ssh to your Linux box that sits behind NAT? Now you can +with reverse SSH tunneling. This document will show you step by step how to set +up reverse SSH tunneling. The reverse SSH tunneling should work fine with Unix +like systems. + +Let's assume that Destination's IP is 192.168.20.55 (Linux box that you want to +access). + +You want to access from Linux client with IP 138.47.99.99. +Destination (192.168.20.55) <- NAT <- Source (138.47.99.99) + +SH from the destination to the source (with public ip) using command below:: + + $ ssh -R 19999:localhost:22 sourceuser@138.47.99.99 + +port 19999 can be any unused port. Now you can SSH from source to destination +through SSH tuneling:: + + $ ssh localhost -p 19999 + +3rd party servers can also access 192.168.20.55 through Destination +(138.47.99.99). Destination:: + + (192.168.20.55) <- |NAT| <- Source (138.47.99.99) <- Bob's server + +From Bob's server:: + + $ ssh sourceuser@138.47.99.99 + +After the sucessful login to Source:: + + $ ssh localhost -p 19999 + +The connection between destination and source must be alive at all time. Tip: +you may run a command (e.g. watch, top) on Destination to keep the connection +active. + +Port listening. +=============== + +Connect to a server:: + + $ nc hostname port + +Be a server:: + + $ nc -l -p port + +Simple filetransfer. +==================== + +Serve a file:: + + $ nc -l -p port < file + +Receive a file:: + + $ nc hostname port > file + +Filesystem cloning. +=================== + +Serve the filesystem:: + + $ tar cOPp --same-owner / | nc -l -p port + +Receive the filesystem:: + + $ nc -w3 hostname port | tar xPp + +Disk cloning. +============= + +Serve the disk image:: + + $ dd if=/dev/hda | nc -l -p port + +Receive the image:: + + $ nc -w3 hostname port | dd of=/dev/hda + +Encrypted, compressed and IP restricted filetransfer. +===================================================== + +If combining encryption and compression, be sure to compress first then +encrypt when sending and reverse the order for receiving. Do not attempt to +encrypt then compress. Compression works by finding patterns which are +destroyed intentionally by the process of encryption. Also, though not +required, specifying the IP address of the host that will be transferring the +file is a good idea. + +Serving a compresssed, encrypted file from 192.168.0.1 to 192.168.0.2:: + + $ gzip -c < file | openssl aes-128-cbc -e -k thispassword | nc -l 192.168.0.2 12345 + +Receiving, decrypting and decompressing that file:: + + $ nc 192.168.0.1 12345 | openssl aes-128-cbc -d -k thispassword | gunzip -c > file + +Scan with nmap. +=============== + +TODO + +Scan with netcat. +================= +:: + + $ nc -v -w 2 -z hostname portrange + $ nc -v -w 2 -z hostname portlisting + +Where portrange is for example "10-20" to scan all ports between 10 and 20, +portlisting is for example 11,20,135 will scan these ports. + +I just tried this on windows xp, and the comma separated list of ports does +NOT work. Instead, use space separated list. eg:: + + cmd> nc.exe -vv -w 2 -z www.example.com 20-25 79 80 110 137-139 443 + diff -r 714121bcb5ef -r 70c6a3153bc7 remote-shell.rst --- a/remote-shell.rst Thu Feb 09 16:27:48 2012 +0200 +++ b/remote-shell.rst Thu Feb 09 16:29:36 2012 +0200 @@ -1,39 +1,5 @@ -*- mode: outline; coding: utf-8 -*- -* Reverse SSH Tunneling - -Have you ever wanted to ssh to your Linux box that sits behind NAT? Now you can with -reverse SSH tunneling. This document will show you step by step how to set up reverse SSH -tunneling. The reverse SSH tunneling should work fine with Unix like systems. - -Let's assume that Destination's IP is 192.168.20.55 (Linux box that you want to access). - -You want to access from Linux client with IP 138.47.99.99. -Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99) - -SH from the destination to the source (with public ip) using command below: - - $ ssh -R 19999:localhost:22 sourceuser@138.47.99.99 - -port 19999 can be any unused port. -Now you can SSH from source to destination through SSH tuneling: - - $ ssh localhost -p 19999 - -3rd party servers can also access 192.168.20.55 through Destination (138.47.99.99). -Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99) <- Bob's server - -From Bob's server: - - $ ssh sourceuser@138.47.99.99 - -After the sucessful login to Source: - - $ ssh localhost -p 19999 - -The connection between destination and source must be alive at all time. Tip: you may run -a command (e.g. watch, top) on Destination to keep the connection active. - * Ajaxterm. Allow remote shell access to host from web browser (require html+css+javascript).