Another useful scenario is when it is necessary to make …

Friday, 19th April 2024

Comment on How to create ssh tunnels / ssh tunneling on Linux and FreeBSD with openssh by admin.

Another useful scenario is when it is necessary to make an ssh tunnel via multiple (server) hops:

There are 3 scenarios to tunnel ssh traffic via multiple servers:

  1. Tunnel from localhost to host1:

    ssh -L 9999:host2:1234 -N host1
    

    As noted above, the connection from host1 to host2 will not be secured.

  2. Tunnel from localhost to host1 and from host1 to host2:

    ssh -L 9999:localhost:9999 host1 ssh -L 9999:localhost:1234 -N host2
    

    This will open a tunnel from localhost to host1 and another tunnel from host1 to host2. However, the port 9999 to host2:1234 can be used by anyone on host1. This may or may not be a problem.

  3. Tunnel from localhost to host1 and from localhost to host2:

    ssh -L 9998:host2:22 -N host1
    ssh -L 9999:localhost:1234 -N -p 9998 localhost
    

    This will open a tunnel from localhost to host1 through which the SSH service on host2 can be used. Then a second tunnel is opened from localhost to host2 through the first tunnel.

Normally, I'd go with option 1.
If the connection from host1 to host2 needs to be secured, go with option 2.

Option 3 is mainly useful to access a service on host2 that is only reachable from host2 itself.
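An added example, not part of the original comment, for checking the "anyone on host1" caveat of option 2 (and the wider exposure you get if a forward is started with -g or GatewayPorts): on host1, list the listeners the ssh client has opened and classify each as loopback-only or network-exposed. It parses the output of `ss -H -ltnp`; the sample lines it contains are constructed for the example and are not a capture from a real host, and the function names are its own.

```shell
#!/usr/bin/env bash
# Added example (not from the original comment): audit which TCP listeners the
# ssh client has opened on a host, so that on host1 in option 2 you can see
# whether the 9999 listener forwarding to host2:1234 is reachable only by
# local users (bound to 127.0.0.1 or [::1], the default for -L) or by the
# whole network (bound to 0.0.0.0, [::] or *, which is what -g / GatewayPorts
# or an explicit bind address such as -L 0.0.0.0:9999:... gives you).
# Input is the output of `ss -H -ltnp` (-H drops the header line).

# Classify one "Local Address:Port" value. Prints "local PORT" when the
# socket is bound to a loopback address, otherwise "exposed PORT".
classify_listener() {
    local addrport="$1" addr port
    port="${addrport##*:}"               # text after the last ':' is the port
    addr="${addrport%:*}"                # everything before it is the address
    addr="${addr#[}"; addr="${addr%]}"   # strip IPv6 brackets, if any
    case "$addr" in
        127.*|::1|localhost) echo "local $port" ;;
        *)                   echo "exposed $port" ;;   # wildcard or a real interface address
    esac
}

# Read `ss -H -ltnp` lines on stdin. For every LISTEN socket owned by an
# "ssh" client process (a -L or -D listener; -R listeners belong to sshd and
# are not covered here) print "local|exposed PORT ssh".
# Returns 1 if at least one such listener is exposed, 0 otherwise.
audit_ssh_listeners() {
    local rc=0 state recvq sendq local_addr peer rest proc scope port
    while read -r state recvq sendq local_addr peer rest; do
        [ "$state" = "LISTEN" ] || continue      # also skips a header line
        # the process column looks like users:(("ssh",pid=4242,fd=5))
        proc=${rest#*users:((\"}
        proc=${proc%%\"*}
        [ "$proc" = "ssh" ] || continue
        set -- $(classify_listener "$local_addr")
        scope="$1"; port="$2"
        echo "$scope $port $proc"
        [ "$scope" = "exposed" ] && rc=1
    done
    return "$rc"
}

# Constructed sample of `ss -H -ltnp` output on host1 after option 2, plus an
# extra forward that was started with -g; not a capture from a real host.
SAMPLE_SS_OUTPUT='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 127.0.0.1:9999 0.0.0.0:* users:(("ssh",pid=4242,fd=5))
LISTEN 0 128 [::1]:9999 [::]:* users:(("ssh",pid=4242,fd=6))
LISTEN 0 128 0.0.0.0:9998 0.0.0.0:* users:(("ssh",pid=4243,fd=5))
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=600,fd=21))'

# Real usage on host1:   ss -H -ltnp | audit_ssh_listeners
# Demo on the sample:    ./audit_ssh_listeners.sh --demo
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | audit_ssh_listeners
fi
```

A non-zero exit means at least one -L/-D listener on the host is reachable from the network rather than only by local users. On OpenSSH 7.3 and later the intermediate listener of option 2 can be avoided altogether with `ssh -J host1 -L 9999:localhost:1234 -N host2` (ProxyJump), which carries the second SSH session to host2 through host1 without binding any port on host1, so the only 9999 listener that exists is the one on your own machine.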

admin Also Commented

How to create ssh tunnels / ssh tunneling on Linux and FreeBSD with openssh

In the corporate world it is also very useful to create and use an SSH tunnel to an Oracle Database. The same logic applies:

ssh -T -N -L 1521:localhost:1521 myoracleserver.example.com

C:\Users\georgi>sqlplus mdinh/mdinh@127.0.0.1:1521/lax_db01

SQL*Plus: Release 11.2.0.1.0 Production on Mon Mar 11 00:00:14 2013

Copyright (c) 1982, 2010, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> select instance_name from v$instance;

INSTANCE_NAME
----------------
db01

SQL> select db_unique_name from v$database;

DB_UNIQUE_NAME
------------------------------
lax_db01

SQL> exit


How to create ssh tunnels / ssh tunneling on Linux and FreeBSD with openssh

A useful tunnel is an SSH tunnel to a MySQL server on localhost, so you can access it via the mysql cli using some port, let's say 3308:
 

ssh -T -N -L 3308:localhost:3306 myserver.example.com

Then access with mysql cli (assuming mysql cli is installed on localhost):
 

# -h 127.0.0.1 forces a TCP connection: with the default host "localhost" the
# mysql client uses the Unix socket and silently ignores -P, bypassing the tunnel
$ mysql -h 127.0.0.1 -P 3308 -u USERNAME -pPASSWORD DATABASE

 

 


Recent Comments by admin

A Biography of one big Heart + His Holiness Patriarch Neophyte (Neofit) head of Bulgarian Orthodox Church

From the archive: Christ's love conquers even death, Patriarch Neophyte maintained during his lifetime


A Biography of one big Heart + His Holiness Patriarch Neophyte (Neofit) head of Bulgarian Orthodox Church

The Bulgarian Patriarch Neophyte in Moscow on 8 March 2016, PART 2
 


Christ is Risen Eastern Orthodox Resurrection Paschal Greeting in Different Languages
Hi Stan,

I guess you cannot read the writing on the icon as it is in Cyrillic.
This is not Saint Mary and Saint Peter but Adam and Eve, written in Cyrillic on top of the icon.
Actually, in Orthodoxy it is a requirement for the depicted personalities, especially saints, to have
the name of the saint written on and to have the Halo. If you look closely at the picture you will notice
the two, Adam and Eve, are missing a Halo. The only person with a Halo in the icon is Saint John the Baptist.

Best Regards
Georgi


Install and configure rkhunter for improved security on a PCI DSS Linux / BSD servers with no access to Internet
       --rwo, --report-warnings-only
              This option causes only warning messages to be displayed. This can be useful when rkhunter is run via cron. Other options may
              be used to force other items of information to be displayed.

       --sk, --skip-keypress
              When the --check command option is used, after certain sections of tests, the user will be prompted to press the return key
              in order to continue. This option disables that feature, and rkhunter will run until all the tests have completed.

         


Install and configure rkhunter for improved security on a PCI DSS Linux / BSD servers with no access to Internet
As the rkhunter check can be pretty annoying, asking you to press keys multiple times and spitting out a lot of unnecessary data, very good and useful option arguments are:

--rwo and --sk

# rkhunter -c --rwo --sk
Warning: The SSH and rkhunter configuration options should be the same:
         SSH configuration option 'PermitRootLogin': yes
         Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
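As an added example, not from the original comment and not part of rkhunter, a small check that reads the two settings behind that warning, PermitRootLogin from sshd_config and ALLOW_SSH_ROOT_USER from rkhunter.conf, and reports whether they agree before rkhunter does. The sample config files are constructed, the function names are the example's own, and it assumes that an unset PermitRootLogin means OpenSSH's compiled-in default "prohibit-password" (OpenSSH 7.0 and later, with "without-password" as the older spelling of the same value) and that the last ALLOW_SSH_ROOT_USER line in rkhunter.conf is the effective one.

```shell
#!/usr/bin/env bash
# Added example, not part of the original comment or of rkhunter itself:
# compare the two values behind the warning
#   "The SSH and rkhunter configuration options should be the same"
# before running rkhunter, by reading PermitRootLogin from sshd_config and
# ALLOW_SSH_ROOT_USER from rkhunter.conf.
# Assumptions (not taken from the page): an unset PermitRootLogin means the
# OpenSSH 7.0+ default "prohibit-password"; "without-password" is the old
# spelling of the same value; the last ALLOW_SSH_ROOT_USER line in
# rkhunter.conf is the effective one.

# Map the deprecated spelling onto the current one so both sides compare equal.
normalize_root_login() {
    case "$1" in
        without-password) echo "prohibit-password" ;;
        *)                echo "$1" ;;
    esac
}

# Effective PermitRootLogin for the global section of an sshd_config ($1).
# sshd uses the FIRST value it sees; values inside Match blocks apply only to
# matching connections, so stop at the first "Match" keyword.
sshd_permit_root_login() {
    local v
    v=$(awk 'tolower($1) == "match" { exit }
             tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    [ -n "$v" ] || v="prohibit-password"   # compiled-in default, OpenSSH >= 7.0
    normalize_root_login "$v"
}

# ALLOW_SSH_ROOT_USER from an rkhunter.conf ($1); "unset" when absent.
# Commented-out lines (#ALLOW_SSH_ROOT_USER=...) do not match the regex.
rkhunter_allow_ssh_root() {
    local v
    v=$(awk -F= '/^[[:space:]]*ALLOW_SSH_ROOT_USER[[:space:]]*=/ {
                     gsub(/[[:space:]]/, "", $2); v = tolower($2)
                 }
                 END { print v }' "$1")
    [ -n "$v" ] || v="unset"
    normalize_root_login "$v"
}

# Print a verdict; return 0 when sshd and rkhunter agree, 1 otherwise.
check_root_login_consistency() {   # $1 = sshd_config, $2 = rkhunter.conf
    local s r
    s=$(sshd_permit_root_login "$1")
    r=$(rkhunter_allow_ssh_root "$2")
    if [ "$s" = "$r" ]; then
        echo "OK: sshd PermitRootLogin=$s matches rkhunter ALLOW_SSH_ROOT_USER=$r"
        return 0
    fi
    echo "MISMATCH: sshd PermitRootLogin=$s but rkhunter ALLOW_SSH_ROOT_USER=$r (fix one of them)"
    return 1
}

# Constructed sample configs reproducing the warning in the comment above
# (PermitRootLogin yes vs ALLOW_SSH_ROOT_USER=no); written into directory $1.
make_sample_configs() {
    cat > "$1/sshd_config" <<'EOF'
Port 22
PermitRootLogin yes
Match User backup
    PermitRootLogin no
EOF
    cat > "$1/rkhunter.conf" <<'EOF'
# commented-out defaults must be ignored
#ALLOW_SSH_ROOT_USER=yes
ALLOW_SSH_ROOT_USER=no
EOF
}

# Real usage:  check_root_login_consistency /etc/ssh/sshd_config /etc/rkhunter.conf
# Demo:        ./check_root_login.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    make_sample_configs "$d"
    check_root_login_consistency "$d/sshd_config" "$d/rkhunter.conf"
    rm -rf "$d"
fi
```

Run it against the real files before the cron job that calls rkhunter -c --rwo --sk; on a PCI DSS host the right fix for the mismatch shown in the comment is normally to set PermitRootLogin to no in sshd_config (and reload sshd), not to relax ALLOW_SSH_ROOT_USER.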

