Friday, December 14, 2018

SSH Port Forwards In Simpler Terms

I love SSH, I love port forwards, I love all they allow you to do. I hate my memory and all it forgets to do. I decided to write the following so I can easily recall the syntax and meaning for SSH port forwards (-L & -R).

Firstly, both use the same syntax (order of parameters doesn't matter):

ssh root@someVPS -i ~/.ssh/whateverKey -L localhost:2323:localhost:2424
ssh root@someVPS -i ~/.ssh/whateverKey -R localhost:2323:localhost:2424

Even though they are both basically From:To, They have different meanings because -L & -R have different contexts.

-L localhost:2323:localhost:2424 means:

  • Create a listening socket on my local laptop (the client) listening at localhost:2323
  • Any connection coming into that socket (on my local laptop) send over the SSH connection to the VPS's "localhost:2424" - assuming some app or something is listening on the server on 2424 so this connection is actually useful.
  • Can be more easily understood as "-L LocalContextIP:LocalPort:RemoteContextIP:RemotePort"
-R localhost:2323:localhost:2424 means the inverse:
  • Create a listening socket on the VPS at localhost:2323
  • Any connection into that socket (on the remote VPS) send over the SSH connection to the Laptop's "localhost:2424"
  • Can be more easily understood as "-R RemoteContextIP:RemotePort:LocalContextIP:LocalPort"
It's important to note that this isnt restricted to localhost. You can "bounce" connections either way just by changing the "To:" location.

Bounce a connection from my laptop to my VPS and out to google? sure
ssh root@someVPS -i ~/.ssh/whateverKey -L

Bounce a connection from my VPS to my laptop and out to google? sure
ssh root@someVPS -i ~/.ssh/whateverKey -R

-L & -R are really doing nothing more than telling you the direction that the traffic flows. -L is from client -> server and -R is from server -> client. 

I use the term "Context" here because that's really what it is. It consults the machine's IPs/Hostnames/whatever that is local to _that_ machine.

This means that if my VPS has an entry in /etc/hosts for " yoloswag" and my Laptop has an entry for " yoloswag" - they will mean different things depending on where in the command you place "yoloswag"

There, now I won't have to second guess myself everytime I try to create a reverse tunnel through 8 different boxes.

Stupid SSH Trick:
So if you understood what I just wrote then you should say to yourself: "wait, doesnt that mean I can forever have two tunnels passing data back and forth forever" - yes. Yes you can. And it's dumb. Here's how it works:

First anything coming on your laptops localhost:3030 gets sent out to the VPS's localhost:3131
ssh yolohax -L localhost:3030:localhost:3131
Second, anything coming into your VPS's localhost:3131, send out to your Laptops:3030:
ssh yolohax -R localhost:3131:localhost:3030

Go ahead and try it, watch your network usage. Once you issue your first transmission (echo infinitelooplol | ncat localhost 3030) you should get a constant .5-1.5Kbps in both directions. Ctrl-c'ing it won't help because it's stuck in tunnel loop. You have to kill one of the tunnels for it to end.

No comments:

Post a Comment