SSH (Secure Shell) is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections it can transfer files using the associated SFTP or SCP protocols.
#Netcat ssh proxy how to
I will leave that investigation for another day.This howto describe how to ssh outside another network / server using authenticated proxy. I looked at the RFC for SSH, but I did not see anything about packet type 30 vs 31. Our log.txt looks like this: SSH-2.0-OpenSSH_6.7p1 first line declares it's protocol type, and the next lines appear to be describing something about encryption. It sent a packet type 30, and received the same type back while it expected to get type 31.
![netcat ssh proxy netcat ssh proxy](https://oioki.ru/wp-content/uploads/2017/09/ctf8.png)
Using it as a Prox圜ommand, we can see what ssh sends to an ssh server while also echoing it back to the process like this: $ ssh -o Prox圜ommand='tee log.txt | cat' anyhostĭisconnecting: Protocol error: expected packet type 31, got 30Īs you can see, it fails to make a connection. If we run tee log.txt | cat by itself, we can type lines and have them echoed back to us while also having the lines we enter saved to a file. You can see this in action by using regular cat instead of netcat in a Prox圜ommand. The ssh client then starts sending data over that STDIN and receiving it via the STDOUT to establish it's connection. So the Prox圜ommand is creating a process which has it's STDIN and STDOUT hooked up to a TCP connection on machineB. Your standard input is then sent to the host, and anything that comes back across the connection is sent to your standard output. Here's a snippet from the manpage (on Debian) describing what it's doing in this scenario: In the simplest usage, "nc host port" creates a TCP connection to the given port on the given target host. Netcat is a networking utility that can do lots of neat things. (Sidenote: you can also exclude certain hosts, so you might do something like Host *. ! if firsthop is the machine that you can connect to.) For instance, instead of Host machineB, you could do Host *., and then you wouldn't need a separate set of commands for each of your machines. Using these template parameters is useful if you want to do pattern matching in your config file. In the case of us calling ssh machineB, these arguments would become machineB 22 since 22 is the default port for SSH. The arguments to this are %h %p which get expanded to the provided host and port. Now what is that command actually doing? It first opens an ssh connection to machineA, then on that machine calls the nc (netcat) utility. After putting those lines in your ~/.ssh/config, you can type ssh machineB and it will do the proxying for you behind the scenes. This is useful if machineA is accessible from the public internet, but machineB is not. That means all the traffic from your computer to machineB and from machineB to your computer passes through machineA.
![netcat ssh proxy netcat ssh proxy](http://4.bp.blogspot.com/-GdNJfHlSK8c/T98tUZJJzBI/AAAAAAAAAbk/NgKBc12xnxs/s1600/Screenshot%2Bfrom%2B2012-06-18%2B15%253A27%253A12.png)
This is connecting to machineB using machineA as a "proxy". I'll go through a couple of the commands mentioned in those articles, describe what they do, and then dig a little deeper into how they do it. There are a number of useful articles that give commands to make this kind of thing work.
![netcat ssh proxy netcat ssh proxy](https://i2.wp.com/shazi.info/wp-content/uploads/2015/05/2015-05-18_092915.png)
![netcat ssh proxy netcat ssh proxy](http://bechtsoudis.com/archive/wp-content/gallery/reverse_tcp_socks_proxy/reverse_socks_8.jpg)
For work, I needed to SSH to one machine, change user, and then SSH to another machine. I found myself looking at articles regarding SSH Prox圜ommand's this week.