I really struggled to understand this and now I’m finally starting to grasp it. Not sure why this blows my mind so much, almost feel like the confusion comes from overthinking it.
I can't believe I still run into great shows on RUclips which have existed for decades yet I had no idea about their existence.... ... Kudos to entire team.
Great example! Maybe it's my Ubuntu 10.10, but it was my experience that the configuration you demonstrated for remote forwarding only allows forwarding from the server "localhost". To configure to allow forwarding of any host on the network connected to the evil server, the /etc/ssh/ssh_config file had to be modified with a line added: GatewayPorts clientspecified and, the host IP had to be specified in the ssh command like so: ssh -R evil-server:8080:localhost:80 user@evil-server
It could be even easier to understand if the ip address / computer names are also written down in the picture. But this video did help me undertand the use of -L, which aonther video had me confused.
There are 2 things never discussed that are required: 1) You need to have a publicly accessible server, such as a hosting account with SSH enabled. 2) The ssh server must have GatewayFowardering turned on in the SSH server settings, which may not be possible on some hosting providers.
Greate video. But there is a common mistake that happens in most of the SSH tuitors and make the second sample confusing. The port opened on local host and remote host are the same-5901. So it is hard to understand the exact meaning of the port1:IP:port2.
Darren, i've got a question: I use PuTTY on Windows to use SSH Forwarding, but if i'm using the remote option. If I run apache for Windows on the client (192.168.2.123:80), and forward it to the Linux server, i can only access it on the linux-box (localhost:80), and not outside my network, and i've open the ports of the linux-box. Can you help?
Darren Hi, Could you pls make a video about chaining the ssh tunnels? for instance when you want to access to machine in a LAN only accessible via jump box.
Now if someone connected to that vml server through port 5901 why would it not redirect back to your laptop? Since those two ports appear to be bound together. If You could help me clear that up I would greatly appreciate it.
I just cannot keep track of where you type the command... It's obviously clear in your all's heads but in theory you can type the command on the laptop or on the server and I can't tell which numbers align with with side of things. I'm trying to get a remote debugger setup for node.js scripts and I just can't seem to get the job done. Insights would be helpful
can we describe more what is user@host? can it be the public ip address of the host? how do we set the "user" name ? and another thing is the password that you typed when you run the command. How do we set those?
still not clear on the reverse SSH.. because both the connection looks same.. may be if we can explain with an better example may help with cloud involved
nice one :D But what can I do when I´m using a Wirelles-router and it only shows my network ip ex. 10.0.0.1... Is my WAN important or not ? Please help :(
I still do not understand the SSH port forwardig syntax? Whats up with this 80:localhost:8080? Is there more clearer way to understand this syntax? I mean what the hell ssh developers! XD
As I remember the main clue for remembering port forwarding is to understand that MyPort:RemotePort and this rule/convention almost everywhere applies in all Linux utilities. And let's not forget about the manual :)
@@maratgainutdinov9722 Thankyou for your reply. I read the manual couple of times (skimmed) and now I understand the syntax. I prefer the more explicit version like localhost:80:localhost:80 for source and destination sockets. Thankyou for being kind and patient. (Y) Lets learn something new now. Cheers
Guys you make really good videos, but please try to stick to the point and minimize side noise, which you have a ton of, in your videos. No one has enough time to wait through all the unnecessary stuff to get to the actual technical content, they were here for, in the first place.
Yup thats true but not during the time when he is explaining. Its disturbing and annoying. May be they have to rehearse a little more not to talk in between.
8 years later and this is still one of the best resources I've found to understand this concept. Great job !
10*
I really struggled to understand this and now I’m finally starting to grasp it. Not sure why this blows my mind so much, almost feel like the confusion comes from overthinking it.
One of the Finest Resource to learn about Port Forwarding...
I can't believe I still run into great shows on RUclips which have existed for decades yet I had no idea about their existence.... ... Kudos to entire team.
ikr
Great stuff. All too often you get "how to" specifics or "how it works" abstractly. Thanks for providing both at once.
Thank you! I still send this video to friends who are trying to understand SSH Tunneling. Very well explained. Thank you :)
Love you guys so much ❤ shannon darren digital OGs
Very clear explanation. Thank you!!
Awesome video. Informative, well-produced, well-edited, useful and provides practical information
lo is not "local", is loopback
about 3 weeks ago. helps that we upload super high res too ;)
Great example! Maybe it's my Ubuntu 10.10, but it was my experience that the configuration you demonstrated for remote forwarding only allows forwarding from the server "localhost". To configure to allow forwarding of any host on the network connected to the evil server, the /etc/ssh/ssh_config file had to be modified with a line added:
GatewayPorts clientspecified
and, the host IP had to be specified in the ssh command like so:
ssh -R evil-server:8080:localhost:80 user@evil-server
Ssh tunneling is awesome
I'm a fan of your work. keep going
It could be even easier to understand if the ip address / computer names are also written down in the picture. But this video did help me undertand the use of -L, which aonther video had me confused.
I allays love staying up till 12 just to watch your guys vids. Any body ells agree?
Great job guys. I loved it
There are 2 things never discussed that are required:
1) You need to have a publicly accessible server, such as a hosting account with SSH enabled.
2) The ssh server must have GatewayFowardering turned on in the SSH server settings, which may not be possible on some hosting providers.
Great video ! Thanks !
nice job
👍👍
Greate video. But there is a common mistake that happens in most of the SSH tuitors and make the second sample confusing. The port opened on local host and remote host are the same-5901. So it is hard to understand the exact meaning of the port1:IP:port2.
Cut the Britny Spears cheap pop garbage talk - do the explanation, you can di it really well
thanks for showing that i was wondering local vs remote from the first ssh proxy episode
Funny Techies.. Keep Posted...:)
You could also use OpenVPN to setup a secure local network between you and your server(s)
Unbenounced to him the Log4j vulnerability awaited patiently in the shadows.
ssh://
explanation of the concept was very good . Could have avoided those unwanted animations .
Have something happend to the quality on RUclips? This is so good!
Snubs "A firewall, oh no! Just like prison. You can get in, but you can't get out." lol
does it mean that GatewayPorts "clientspecified" is port 8080 ?
awesome stuff : )
Hey folks, nice vid. Am I wrong in saying that the 'localhost' refers to the laptop when it's -L and the server when it's -R?
yes that was awesome...
Install gnome or your WM of choice ;)
Damn girl! You can sing!
Can this be used as a "manual" way of doing what Metasploit's autoroute does?
Darren, i've got a question: I use PuTTY on Windows to use SSH Forwarding, but if i'm using the remote option. If I run apache for Windows on the client (192.168.2.123:80), and forward it to the Linux server, i can only access it on the linux-box (localhost:80), and not outside my network, and i've open the ports of the linux-box. Can you help?
Darren Hi,
Could you pls make a video about chaining the ssh tunnels? for instance when you want to access to machine in a LAN only accessible via jump box.
Any tip o risk of letting some service exposed to certain port in a remote server that it is accessible to everyone on that port?
Now if someone connected to that vml server through port 5901 why would it not redirect back to your laptop? Since those two ports appear to be bound together. If You could help me clear that up I would greatly appreciate it.
I love shannon
Do you have to change some config files for this to work? Probably but you are not saying anything about it.
I just cannot keep track of where you type the command... It's obviously clear in your all's heads but in theory you can type the command on the laptop or on the server and I can't tell which numbers align with with side of things. I'm trying to get a remote debugger setup for node.js scripts and I just can't seem to get the job done. Insights would be helpful
We all know what that firewall looks like
can we describe more what is user@host? can it be the public ip address of the host? how do we set the "user" name ? and another thing is the password that you typed when you run the command. How do we set those?
Does it only works with tcp?
still not clear on the reverse SSH.. because both the connection looks same.. may be if we can explain with an better example may help with cloud involved
Very nice explanation but I dont understand something, why is the girl there? IS it the 5318008?
Very ambiguous. More network details needed like actual network ip addresses.
nice one :D
But what can I do when I´m using a Wirelles-router and it only shows my network ip ex. 10.0.0.1...
Is my WAN important or not ?
Please help :(
Is it possiable in win rat ?
Why is 'Snubs' on Hak5?
I still do not understand the SSH port forwardig syntax? Whats up with this 80:localhost:8080?
Is there more clearer way to understand this syntax? I mean what the hell ssh developers! XD
As I remember the main clue for remembering port forwarding is to understand that MyPort:RemotePort and this rule/convention almost everywhere applies in all Linux utilities.
And let's not forget about the manual :)
@@maratgainutdinov9722 Thankyou for your reply. I read the manual couple of times (skimmed) and now I understand the syntax. I prefer the more explicit version like localhost:80:localhost:80 for source and destination sockets. Thankyou for being kind and patient. (Y) Lets learn something new now. Cheers
Guys you make really good videos, but please try to stick to the point and minimize side noise, which you have a ton of, in your videos. No one has enough time to wait through all the unnecessary stuff to get to the actual technical content, they were here for, in the first place.
Does Shannon still here?
she has her own channel now
Subtitles please?
How about if company network administrator has blocked port 22 on company side?
They wont.. because dont know how else to manage the servers...
Let's be adult children.
Lot of wasting time, not a behaviour or techie.. Long time to get to point, finally got to point and that too hovering a circle.
sshd??? what is tyhe best free service for debian?, sorry newb here
My ISP Blocking All Ports.What to do ??
Sam Rich Get A New ISP xD
But On A Serious Note Get A VPN
Sam Richardson Use ngrok or pagekite. They're astonishingly good at bypassing that kind of nonsense.
That girl disturb me much! plz stop talking
Shateel Chowdhury Jealousy gets you no where.
The girl actually make normal people easy to understand tec. things.
Yup thats true but not during the time when he is explaining. Its disturbing and annoying. May be they have to rehearse a little more not to talk in between.
first !!!
Dislike, why dont you add some more info on dynamic like you did for rest of two. :(
Nice video, but the girl is sort of annoying..
confusing stuff, talk a lots
marry me shanon ......plz........plz.....plz