How to enable local port forwarding using Ubuntu 20.04 and ssh

SSH is a very popular tool that almost every IT professional uses. When data has to cross an insecure network, ssh is the tool most people trust. Local port forwarding can help protect data against attacks, because the ssh protocol uses encryption to secure connections. Almost all ssh tools are free; PuTTY is one example.

What we require to make ssh run:

  • In our scenario, we are going to use Ubuntu 20.04 as the OS.
  • Open TCP port 22 on the firewall, if required.
  • Create local users.
  • Control user access with directory server-PAM, or manually in /etc/ssh/sshd_config

Install SSH Services

Let's install the application first.

#apt-get update

Install the required package.

#apt install openssh-server

Check the IP address of the ssh server.

# ip a | grep inet 

SSH server IP is 192.168.1.62

Check service status.

# systemctl status ssh
Check ssh service status.

Local port forwarding with ssh server.

A tunnel can be created with SSH to forward a port on another server. SSH can be used to provide the proxy, which can be used to send web traffic.

Let’s see how to use ssh to protect the network by using port forwarding.

Scenario:

Here we have,

  • A web server – 192.168.1.161, with the ssh service installed as well.
  • An SSH server – 192.168.1.62
  • Localhost – 192.168.1.268, where local port forwarding needs to be configured, with the ssh service installed.

As shown in the diagram below, a local host machine wants to connect to the web server over the internet. A firewall is protecting that web server. The problem is that all communication with the web server takes place in plain text. A tunnel protected with ssh resolves this security issue and lets us establish secure communication with any remote user. We will establish a secure ssh tunnel to the ssh server sitting next to the web server, and all our communication from localhost will go via ssh.

Illustration to represent the local port forwarding

To run our test, let's install web services on 192.168.1.161.

# apt update
# apt install apache2

Check whether the service is running on the web server.

#systemctl status apache2
check apache service status

Note: Refer to the previous steps for how to install ssh.

Enable local port forwarding

On server 192.168.1.161, let’s have a look at the web server status; it is working fine.

browse webserver and check status

Let’s log in to our local host machine, i.e. 192.168.1.268, to establish a secure ssh tunnel.

# ssh -L 9090:192.168.1.161:80 <user>@192.168.1.62

Here -L requests local port forwarding on the localhost machine we are logged in to, 9090 is any free local port we can use, 192.168.1.161:80 is the address of the HTTP server, and 192.168.1.62 is the ssh server with which localhost will establish a tunnel. Replace <user> with an account on the ssh server.

ssh port forwarding explained

Now we will see that the web server is magically available on localhost. Have a look:

webserver status after port forwarding with ssh

Even if we disconnect the ssh session, port forwarding will still be effective.

Port forwarding working after exit from ssh remote server.

Let's close that tunnel. First, get the ssh process id.

ps -x | grep ssh
864 ? Ss 0:00 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
5131 pts/0 S+ 0:00 grep --color=auto ssh

Kill the ssh process.

kill -9 5319

Is the service up now? No, it's not!

local port forwarding service disabled.
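
As an added example (not part of the original article), the script below finds the ssh client that holds a forwarded port from `ss -H -ltnp` output instead of grepping `ps`, and reports whether that listener is bound to loopback only or is reachable from other hosts. The function names, the sample lines and PID 6001 are constructed for illustration; port 9090 and PIDs 5319 and 864 are the article's values.

```shell
#!/bin/sh
# Added example: locate the ssh client that owns a forwarded local port and
# check how widely the listener is exposed. Function names are hypothetical.

# Constructed sample of `ss -H -ltnp` output (state, queues, local, peer, process).
sample_ss() {
cat <<'EOF'
LISTEN 0 128 127.0.0.1:9090 0.0.0.0:* users:(("ssh",pid=5319,fd=5))
LISTEN 0 128 [::1]:9090 [::]:* users:(("ssh",pid=5319,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=864,fd=3))
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:* users:(("ssh",pid=6001,fd=5))
EOF
}

# tunnel_listeners PORT: read ss lines on stdin and print "pid address scope"
# for every listener on PORT held by the ssh client (the sshd daemon is skipped).
tunnel_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" && $NF ~ /\(\("ssh",/ {
            n = split($4, part, ":")        # the port is the last ":" field
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            # Anything other than loopback can be reached by other hosts.
            scope = (addr == "127.0.0.1" || addr == "[::1]") ? "loopback" : "exposed"
            match($NF, /pid=[0-9]+/)
            print substr($NF, RSTART + 4, RLENGTH - 4), addr, scope
        }'
}

# tunnel_pid PORT: print each PID holding PORT once (IPv4 and IPv6 sockets
# of the same ssh client collapse to a single line).
tunnel_pid() {
    tunnel_listeners "$1" | awk '!seen[$1]++ { print $1 }'
}

# Live use (run as root to see processes of other users):
#   ss -H -ltnp | tunnel_listeners 9090
#   kill "$(ss -H -ltnp | tunnel_pid 9090)"   # plain SIGTERM is enough
```

An "exposed" result means the forwarded port is listening on a non-loopback address, so other machines on the network can use the tunnel as well.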

Conclusion:

SSH enables secure tunneling, which helps to protect web services and lets a local host access them as if they were installed locally. An SSH tunnel can be started or stopped as and when required.
