SSH port forwarding

What is SSH port forwarding?


SSH port forwarding or SSH tunneling is the process by which a TCP/IP connection, which would be otherwise insecure, is tunneled inside a secure SSH tunnel. This process protects the tunneled connection from network attacks. This process can also be called TCP/IP connection tunneling.

SSH is a widely used protocol for system administration and file transfer. Other protocols, including HTTP, FTP, SMTP, POP3, TELNET, and others, can be forwarded through the SSH tunnel. This provides security features like authentication and encryption, which those protocols may not otherwise support.

Who can use SSH tunneling?

The flip side of SSH port forwarding is that anyone who can log into your server can enable port forwarding, which is often exploited by internal IT personnel. These users can log in to their home servers or devices in a cloud and forward a port from the server back into the organization’s intranet, and then to their work devices or an appropriate server.

The problem with this is that malicious actors and malware can use a similar route to create a backdoor into your internal network. Attackers can also use it to conceal their tracks by bouncing an attack through several applications or devices that allow unrestrained tunneling.
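One way to check this exposure on a server you administer, as an added example that is not part of the original article: the function below reads an `sshd_config` and reports the OpenSSH settings that decide whether logged-in accounts can forward ports. The function name `audit_forwarding` and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example: report the sshd_config settings that decide who may forward.
# Assumptions: "Keyword value" lines separated by whitespace; only the global
# section (before the first Match block) is read; first occurrence wins.

audit_forwarding() {
    awk '
    BEGIN {   # OpenSSH defaults, used when a keyword is absent
        v["allowtcpforwarding"] = "yes"; v["gatewayports"] = "no"
        v["permitopen"] = "any";         v["disableforwarding"] = "no"
    }
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    { k = tolower($1) }                     # keywords are case-insensitive
    k == "match" { exit }                   # stop at the first Match block
    (k in v) && !(k in seen) {
        seen[k] = 1; val = $2
        for (i = 3; i <= NF; i++) val = val " " $i   # PermitOpen takes a list
        v[k] = tolower(val)
    }
    END {
        if (v["disableforwarding"] == "yes") {
            print "OK   DisableForwarding yes: all forwarding is off"; exit
        }
        f = v["allowtcpforwarding"]
        if (f == "no") { print "OK   AllowTcpForwarding no"; exit }
        print "WARN AllowTcpForwarding " f ": login accounts can open forwards"
        if (f != "remote" && v["permitopen"] == "any")
            print "WARN PermitOpen any: forwards may target any host:port"
        if (f != "local" && v["gatewayports"] != "no")
            print "WARN GatewayPorts " v["gatewayports"] ": remote forwards can listen beyond loopback"
    }' "$1"
}

# Constructed sample configuration, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
Port 22
PermitRootLogin no
GatewayPorts clientspecified
Match User backup
    AllowTcpForwarding no
EOF
audit_forwarding "$sample"
rm -f "$sample"
```

Per-user `Match` blocks can override these global values, so review them separately.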

A licensed penetration tester (LPT) can expertly recognize all the new vulnerabilities that are being actively exploited, eliminate sensitive information before it can be exploited, and mitigate all your network’s vulnerabilities. You can take penetration testing training online to make you an indispensable asset to your organization.

What is SSH port forwarding in Linux?

SSH port forwarding establishes a secure connection between a local computer and a remote Linux machine over the SSH protocol, through which services can be relayed. To use SSH tunneling in Linux, you need to give your client the source and destination port numbers. You also need to provide the location of the destination server, which can either be a hostname or an IP address.

This is because the destination port specifies the port on which the target TCP/IP server is listening. SSH tunneling is important for transferring information over unencrypted protocols, like IRC, IMAP, or VNC. Regardless of whether the application supports SSL encryption or not, SSH port forwarding is capable of establishing secure connections.

What is SSH tunneling used for?

SSH tunneling is the process that allows the transmission of arbitrary networking data through an encrypted SSH connection. SSH port forwarding can be used to create a sort of virtual private network (VPN) and to get around restrictive firewalls. This process can also be used for adding encryption to legacy applications.

What are the benefits of port forwarding?

Port forwarding is one of the exceptional ways of conserving public IP addresses. It is transparent to the end-user and adds an additional layer of security to networks. Port forwarding is also beneficial because it shields clients and servers from unwanted access, restricts access to and from networks, and also “hides” the servers and services accessible on a network.

Likewise, SSH tunnels are widely used in corporate settings that use mainframe systems as their application backends. In these settings, the applications may have extremely limited native support for security. However, through the use of SSH tunneling, compliance with PCI-DSS, SOX, HIPAA, or other recognized standards can be realized without the need to adjust those applications.

Is port forwarding SSH safe?

SSH port forwarding is not dangerous by itself. However, its safety depends on the service at the target port. Some have suggested that the safety of port forwarding is dependent on how strong your firewall is and its level of internal and external protection.

The security of port forwarding goes beyond the router. Your security mainly rests with whatever software on the device is listening on that port. So, the issue is not just your router but your device. It is common knowledge that all open ports on a network are constantly vulnerable to attacks.

Nevertheless, the odds of a malicious hacker attempting to attack your network on those ports are very slim. An attacker cannot infiltrate your network through the forwarded ports. However, your router may be set to “allow configuration on WAN”. The setting of each router may be different, but ensure you allow only LAN configurations and disable all WAN configurations.

To learn about the security of SSH port forwarding and how to secure your networks, sign-up for our Advanced Penetration Testing training program that will help prepare you for the Licensed Penetration Tester (LPT) certification today!

Types of SSH port forwarding

Three types of port forwarding exist:

Local port forwarding

This is the most common type of port forwarding. Local port forwarding allows you to connect your local system to another server. Here, a connection from an SSH client can be sent through the SSH server and later to the destination server. However, you need to know two port numbers and your local destination.

Dynamic port forwarding

In this port forwarding type, connections from different programs are forwarded through the SSH client to the SSH server, and finally to multiple destination servers. This turns your SSH client into a SOCKS proxy server. You need to specially configure each program that uses the proxy server. You should also restore their original configuration when you are no longer using the proxy server.

Most people find local port forwarding easier to use than dynamic port forwarding. However, the latter affords you more flexibility since you are no longer required to specify a predefined remote port and server.

Remote port forwarding

This allows connections arriving at the SSH server to be forwarded through the SSH client, and afterward on to a destination server. Supposing your local server or computer does not have an internet-routable IP address, remote port forwarding will still let you connect to it using the forwarded port and the remote server IP address.

In short, the essence of remote port forwarding is to permit a remote server to gain access to the resources on your local device.
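The three types map to the OpenSSH client flags `-L` (local), `-D` (dynamic) and `-R` (remote), each taking the port numbers and destination mentioned earlier in the form `[bind_address:]port:host:hostport` (or `[bind_address:]port` for `-D`). The following added example, which is not code from the original article, parses such a spec and states which machine opens the listener, how widely it is reachable, and which machine makes the onward connection. The function name `explain_forward` and all hosts and ports are constructed.

```sh
#!/bin/sh
# Added example: say where an OpenSSH forwarding spec listens and which side
# opens the onward connection. Hosts and ports used here are constructed.
# Assumption: no bracketed IPv6 literals or Unix-socket paths in the spec.

explain_forward() {
    flag=$1
    old_ifs=$IFS; IFS=:; set -f
    set -- $2                      # split [bind:]port[:host:hostport] on ":"
    set +f; IFS=$old_ifs
    case "$flag/$#" in
        -L/3|-R/3) bind=localhost; port=$1; dest=$2:$3 ;;
        -L/4|-R/4) bind=$1; port=$2; dest=$3:$4 ;;
        -D/1)      bind=localhost; port=$1; dest=chosen-per-connection-via-SOCKS ;;
        -D/2)      bind=$1; port=$2; dest=chosen-per-connection-via-SOCKS ;;
        *)         echo "invalid forwarding spec"; return 1 ;;
    esac
    # -L and -D listen on the client; -R listens on the server.
    case $flag in
        -R) listener=ssh-server; connector=ssh-client ;;
        *)  listener=ssh-client; connector=ssh-server ;;
    esac
    # An empty bind address or "*" means every interface, not just loopback.
    case $bind in
        localhost|127.0.0.1) reach=loopback-only ;;
        ''|'*'|0.0.0.0)      reach=all-interfaces ;;
        *)                   reach=address-$bind ;;
    esac
    # sshd keeps remote forwards on loopback unless GatewayPorts allows more.
    if [ "$flag" = -R ] && [ "$reach" != loopback-only ]; then
        reach="$reach-if-GatewayPorts-permits"
    fi
    echo "listener=$listener:$port reach=$reach connector=$connector dest=$dest"
}

explain_forward -L 8080:intranet.example:80       # local forwarding
explain_forward -R '*:9000:localhost:3000'        # remote forwarding
explain_forward -D 1080                           # dynamic (SOCKS) forwarding
```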

How does SSH port forwarding work?

Port forwarding starts with the packets that are generated when you send a data request over the Internet. Your network router will typically examine the header of an IP packet and forward it to the proper connected interface, which then delivers the data to the destination given in the header.

However, with port forwarding, the intercepting device or application reads the packet header, takes note of the destination, and then modifies the header information. The packet is then sent to a different computer than the one intended. The secondary host destination may be a different port on the same IP address, a different IP address on the same port, or a totally different combination of the two.

Explaining port forwarding with an example

To understand how SSH port forwarding works, you may need to first understand the way the Internet functions. So how does the internet work? The Internet allocates computers virtual “ports”, similar to the USB ports you have on your computer systems.

Let’s assume you want to share a file on your phone with your PC. First, you connect the USB port at the bottom of your phone to the USB port on your computer. Afterward, your PC will have a dialogue with your phone about the file you want to send. It will then show you all the results.

However, unlike your USB port, there is no physical connection, visible port, or wire that can help you connect to the internet. The whole concept of the internet port is just to help you understand what your computer is doing. Just know that the internet has two types of port: the strange ‘UDP’ port and the normal ‘TCP’ port.

Furthermore, every computer has precisely 65,535 TCP ports, with some ports having unique functions. Your web browser knows which port to connect to at all times. Suppose your external client expects to connect to port 80 on a web browser running on your private network.

All you need to do is enable port forwarding, which would statically map the external IP address and port 80 to the internal IP address and port 80. This is what port forwarding involves.

Why you need EC-Council’s LPT (Master): Licensed Penetration Tester?

The LPT (Master) certification program is the climax to EC-Council’s entire penetration testing training online. Beginning from the Certified Ethical Hacker Program (CEH) to the EC-Council Certified Security Analyst (ECSA) Program, LPT simulates a physical penetration test, accompanied by an additional report to the client.

The purpose of the LPT Certification offered by the EC-Council is to differentiate the experts from the learners. Unless you want to be nothing short of a professional penetration tester, do not attempt the LPT practical exam. It’s not for you.

The LPT exam is an 18-hour long, rigorous exam. The exam is hands-on only with no prior course or written exam preceding the hands-on exam. The LPT exam requires you to prove your mastery in conducting a full Blackbox penetration test of a network provided to you by the EC-Council. There’s no time to waste, as you’ll be facing a ticking clock!
