Pages

21.7.12

My First Post on Happy Engineer - SSH Tunneling

A very powerfull tool is SSH. SSH is the acronym of secure shell and is a kind of prehistoric version of Remote Desktop Connection or VNC. The main difference between VNC, RDC and SSH is that SSH make possible to manage a remote host using without using GUIs, but only through a prompt.

You can think "Bleah, only a poor command prompt?  Where the way to unpack tarball is made of a long sequence of chars??? WTF????"

Answer: "Yes".

Trust me, if you begin to use linux's terminal it will be the END. You'll not use linux without using terminal! It's a drug!

But, wait a second, try to think about the idea of sending only few bytes to manage remote hosts instead of large quantities of bytes for send screenshots of VNC and RDC. It sounds good!!

Leaving behind these considerations, let's talk technically.

If you want to connect to a remote host using ssh you have to be sure of two things:

1 - The remote host must have installed a SSH daemon (OpenSSH for example) and must be correctly configured.

In Ubuntu distributions is very simple to install OpenSSH, just open terminal and type:

    sudo apt-get install openssh-server

Once installed, the daemon will startup automatically when the host starts up, and all the user of the host will be enabled to use ssh service, so if you want to access to your machine you can use the credentials you normally use to access the host.

2- You must know a pair o username-password enabled on the remote host.

Try to connect to a remote host using ssh. Open the terminal and type:

    ssh username@hostip



Where:

    Username is the username on the remote host
    hostip defines the remote host ip you want to connect using SSH

 If you want to test if OpenSSH is working on your local host you can run:

    ssh yourusername@localhost



After the execution of this command you'll be asked to accept a key and you'll need to answer "yes".

    What's the meaning of this question?



SSH bases its operation on the use on a public key cryptography system and the first time you make a connection to a remote host you must accept its public key to start the conversation.

    Wow... Now i'm connected to a remote host.. And now?



The main advantage of using SSH for administrate remote hosts is the limitate usage of bandwidth. It seems a nonsense, but there are a lot of situations where the optimization of bandwidth usage can make the difference.



    Yeah. .. Boring Things...



Wait!

There's a little funcionality of SSH that is very powerfull. The Tunneling. Tunneling defines the possibility to make a tunnel between two hosts and make possible to exchange data between them.



Imagine to have three hosts:

    host A, connected to the internet, placed in Australia
    host B and C in the same subnet but only B is directly connected to the Internet. These two hosts are in Norway.

Imagine also that host A must access to C for some reasons. There are a lot of ways to do this for example VPNs (maybe we talk about this another time).. Another way can be tunneling.

Idea!

Using host B like a gateway for exchange data with C. Great! How?

SSH

There's a little tiny argument that you can pass to SSH command before execute it. The -L argument. Let's see a usage for this argument.

    ssh johndoe@hostB -L 5000:hostC:21



In this example i'm connecting to the host B placed in Norway, using the username johndoe. Passing -L argument i'm saying to ssh to bind port 21 of hostC (hostC must be the subnet's ip of host C) to the port 5000 of my host. So if i connect using a FTP client to port 5000 of my localhost, the communication will be routed through the tunnel to host C using host B like a gateway.

So if you have the possibility to access a host of a subnet using SSH, you'll be able to access on every host of that subnet.

I wish that you will appreciate this post. I'm also happy if you want to correct me in contents or in grammar (i'm not so trained about writing english :) )

Yhank you, see you soon

No comments:

Post a Comment