SSH VPN

Nope, I didn’t just yell at you using all caps in the subject. Just for the fun of it, let’s expand that one out.

"Secure Shell Virtual Private Network"

That sure sounds like a phrase you’d hear in some bad hacker movie.

All sarcasm aside, this is probably one of the coolest things you can do with SSH in my opinion. I wrote a post about this a ways back, but it was limited only to forwarding and reverse forwarding SSH tunnels. I recently discovered though that SSH can open this cool thing called a SOCKS proxy (short for Socket Secure Proxy) when using the -D switch. SOCKS proxies, unlike SSH tunnels, allow you to funnel all protocols/traffic through this one port, just like a VPN. The one downside is that to use this for everything, you either have to be masterful with iptables, have tsocks installed, or have the BSD version of netcat installed to work some magic.

Real Application

At work this comes in handy because of the way the networks are set up. Avoiding all bias about how right or wrong our networks are configured, I often need to connect to a particular remote system that sits in a subnet accessible only through two jump systems ( jump0 → jump1 → destination ). The only way for me to get into that subnet is through two jump boxes. Jump box 1 is only accessible from jump box 0 and the remote system I need access to is only accessible from jump box 1. That means to get to my remote system, I need to ssh to jump box 0, from there ssh to jump box 1, and from there ssh to my destination system. This is really cumbersome when I need to work on multiple systems within this far off subnet.

Using an SSH SOCKS proxy though, I can have everything set up so I don’t have to keep opening three nested SSH sessions just to access a single box. Here’s how it’s done.

How it’s Done

  • SSH to jump box 0 using the following command

    • ssh -L 1080:localhost:1080 jiminy@jump0

  • Using the previously established session, ssh to jump box 1 using the following command

    • ssh -D 1080 jiminy@jump1

We now have two nested ssh sessions. The first forwards port 1080 on our local box to port 1080 on jump box 0. The second opens a SOCKS proxy on port 1080 of jump box 0 that sends its traffic out through jump box 1. Remember how port 1080 is forwarded to our local box with the first ssh session? That means the proxy is now reachable at localhost:1080 on our own machine.

Now, just open an ssh session to any system that is only accessible from jump box 1 and your traffic will be forwarded straight on through.

tsocks ssh jiminy@WayFarOut

Yay!

One Last Thing…

There was one thing I discovered that was problematic for me on jump box 0. It turns out that the default configuration for SSH won’t allow forwarding of SSH traffic. If you’re seeing an error like this

channel 0: open failed: administratively prohibited: open failed

…you need to set PermitTunnel in /etc/sshd_config to yes on any boxes forwarding the SOCKS proxies.
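
sshd_config(5) has separate keywords for the different kinds of forwarding a jump box can relay: AllowTcpForwarding and PermitOpen cover the TCP channels opened by -L and -D, while PermitTunnel covers tun(4) devices. The script below is an added example, not part of the original post, that reports the effective global values of these keywords in a config file; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads only the global section of
# an sshd_config: stops at the first Match block, does not follow Include.

# Print the effective value of keyword $1 in config file $2. sshd keeps the
# first value it obtains for a keyword, and keywords are case-insensitive.
forwarding_setting() {
    awk -v want="$1" '
        BEGIN {
            # Upstream defaults per sshd_config(5); a distro may ship others.
            def["allowtcpforwarding"] = "yes"; def["permitopen"] = "any"
            def["permittunnel"] = "no";        def["gatewayports"] = "no"
            key = tolower(want)
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        tolower($1) == "match"  { exit }     # global section ends here
        tolower($1) == key && !found {
            found = 1; val = $2
            for (i = 3; i <= NF; i++) val = val " " $i
        }
        END { print (found ? tolower(val) : def[key]) }
    ' "$2"
}

# Exit 0 if sshd would accept the TCP channels that ssh -L and ssh -D open.
# PermitTunnel is not consulted: it governs tun(4) devices (ssh -w) only.
# A PermitOpen host:port list still passes; only listed targets would work.
tcp_forward_allowed() {
    atf=$(forwarding_setting AllowTcpForwarding "$1")
    po=$(forwarding_setting PermitOpen "$1")
    case "$atf" in yes|all|local) ;; *) return 1 ;; esac
    [ "$po" != "none" ]
}

# Constructed sample config for a hypothetical locked-down jump box.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
# constructed sample, not taken from a real host
Port 22
allowtcpforwarding no
AllowTcpForwarding yes
PermitTunnel yes
EOF

for kw in AllowTcpForwarding PermitOpen PermitTunnel GatewayPorts; do
    printf '%-20s %s\n' "$kw" "$(forwarding_setting "$kw" "$sample_cfg")"
done
tcp_forward_allowed "$sample_cfg" || echo "ssh -L / -D channels would be refused"
```

Run it against each jump box's own config by passing that file's path to the two functions in place of the sample.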
