Hak5 - SSH Forwarding: Local vs Remote with examples, Hak5 1113 part1
HTML-код
- Опубликовано: 14 май 2012
- Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
____________________________________________
This time on the show, Local and Remote forwarding with SSH, Persistent connections in Linux with AutoSSH, Windows tunnels that don't quit with a GUI front-end for Plink and a whole lot of technolust. All that and more, this time on Hak5!
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong. 
Развлечения
8 years later and this is still one of the best resources I've found to understand this concept. Great job !
10*
I really struggled to understand this and now I’m finally starting to grasp it. Not sure why this blows my mind so much, almost feel like the confusion comes from overthinking it.
I can't believe I still run into great shows on RUclips which have existed for decades yet I had no idea about their existence.... ... Kudos to entire team.
Great stuff. All too often you get "how to" specifics or "how it works" abstractly. Thanks for providing both at once.
Awesome video. Informative, well-produced, well-edited, useful and provides practical information
lo is not "local", is loopback
Love you guys so much ❤ shannon darren digital OGs
Thank you! I still send this video to friends who are trying to understand SSH Tunneling. Very well explained. Thank you :)
Great job guys. I loved it
Great video ! Thanks !
Very clear explanation. Thank you!!
I'm a fan of your work. keep going
Great example! Maybe it's my Ubuntu 10.10, but it was my experience that the configuration you demonstrated for remote forwarding only allows forwarding from the server "localhost". To configure to allow forwarding of any host on the network connected to the evil server, the /etc/ssh/ssh_config file had to be modified with a line added:
GatewayPorts clientspecified
and, the host IP had to be specified in the ssh command like so:
ssh -R evil-server:8080:localhost:80 user@evil-server
awesome stuff : )
Have something happend to the quality on RUclips? This is so good!
Hey folks, nice vid. Am I wrong in saying that the 'localhost' refers to the laptop when it's -L and the server when it's -R?
Darren Hi,
Could you pls make a video about chaining the ssh tunnels? for instance when you want to access to machine in a LAN only accessible via jump box.
Now if someone connected to that vml server through port 5901 why would it not redirect back to your laptop? Since those two ports appear to be bound together. If You could help me clear that up I would greatly appreciate it.
There are 2 things never discussed that are required:
1) You need to have a publicly accessible server, such as a hosting account with SSH enabled.
2) The ssh server must have GatewayFowardering turned on in the SSH server settings, which may not be possible on some hosting providers.
nice job
yes that was awesome...
Any tip o risk of letting some service exposed to certain port in a remote server that it is accessible to everyone on that port?
about 3 weeks ago. helps that we upload super high res too ;)
does it mean that GatewayPorts "clientspecified" is port 8080 ?
Darren, i've got a question: I use PuTTY on Windows to use SSH Forwarding, but if i'm using the remote option. If I run apache for Windows on the client (192.168.2.123:80), and forward it to the Linux server, i can only access it on the linux-box (localhost:80), and not outside my network, and i've open the ports of the linux-box. Can you help?
Greate video. But there is a common mistake that happens in most of the SSH tuitors and make the second sample confusing. The port opened on local host and remote host are the same-5901. So it is hard to understand the exact meaning of the port1:IP:port2.
Can this be used as a "manual" way of doing what Metasploit's autoroute does?
Ssh tunneling is awesome
Funny Techies.. Keep Posted...:)
nice one :D
But what can I do when I´m using a Wirelles-router and it only shows my network ip ex. 10.0.0.1...
Is my WAN important or not ?
Please help :(
It could be even easier to understand if the ip address / computer names are also written down in the picture. But this video did help me undertand the use of -L, which aonther video had me confused.
I just cannot keep track of where you type the command... It's obviously clear in your all's heads but in theory you can type the command on the laptop or on the server and I can't tell which numbers align with with side of things. I'm trying to get a remote debugger setup for node.js scripts and I just can't seem to get the job done. Insights would be helpful
Do you have to change some config files for this to work? Probably but you are not saying anything about it.
thanks for showing that i was wondering local vs remote from the first ssh proxy episode
Is it possiable in win rat ?
can we describe more what is user@host? can it be the public ip address of the host? how do we set the "user" name ? and another thing is the password that you typed when you run the command. How do we set those?
Does it only works with tcp?
still not clear on the reverse SSH.. because both the connection looks same.. may be if we can explain with an better example may help with cloud involved
You could also use OpenVPN to setup a secure local network between you and your server(s)
Snubs "A firewall, oh no! Just like prison. You can get in, but you can't get out." lol
👍👍
Very nice explanation but I dont understand something, why is the girl there? IS it the 5318008?
Why is 'Snubs' on Hak5?
I still do not understand the SSH port forwardig syntax? Whats up with this 80:localhost:8080?
Is there more clearer way to understand this syntax? I mean what the hell ssh developers! XD
As I remember the main clue for remembering port forwarding is to understand that MyPort:RemotePort and this rule/convention almost everywhere applies in all Linux utilities.
And let's not forget about the manual :)
@@maratgainutdinov9722 Thankyou for your reply. I read the manual couple of times (skimmed) and now I understand the syntax. I prefer the more explicit version like localhost:80:localhost:80 for source and destination sockets. Thankyou for being kind and patient. (Y) Lets learn something new now. Cheers
Damn girl! You can sing!
Does Shannon still here?
Subtitles please?
How about if company network administrator has blocked port 22 on company side?
They wont.. because dont know how else to manage the servers...
Unbenounced to him the Log4j vulnerability awaited patiently in the shadows.
explanation of the concept was very good . Could have avoided those unwanted animations .
Install gnome or your WM of choice ;)
ssh://
Cut the Britny Spears cheap pop garbage talk - do the explanation, you can di it really well
I love shannon
We all know what that firewall looks like
sshd??? what is tyhe best free service for debian?, sorry newb here
My ISP Blocking All Ports.What to do ??
Sam Rich Get A New ISP xD
But On A Serious Note Get A VPN
Sam Richardson Use ngrok or pagekite. They're astonishingly good at bypassing that kind of nonsense.
I allays love staying up till 12 just to watch your guys vids. Any body ells agree?
Very ambiguous. More network details needed like actual network ip addresses.
Guys you make really good videos, but please try to stick to the point and minimize side noise, which you have a ton of, in your videos. No one has enough time to wait through all the unnecessary stuff to get to the actual technical content, they were here for, in the first place.
Let's be adult children.
first !!!
Lot of wasting time, not a behaviour or techie.. Long time to get to point, finally got to point and that too hovering a circle.
Dislike, why dont you add some more info on dynamic like you did for rest of two. :(
That girl disturb me much! plz stop talking
Shateel Chowdhury Jealousy gets you no where.
The girl actually make normal people easy to understand tec. things.
Yup thats true but not during the time when he is explaining. Its disturbing and annoying. May be they have to rehearse a little more not to talk in between.
marry me shanon ......plz........plz.....plz
confusing stuff, talk a lots