@BlackPropaganda
Created July 15, 2023 23:25
SSH port forwarding
SSH port forwarding is a very useful pivoting technique and security feature. It lets an SSH server route traffic
from clients to local resources, such as web sites hosted on the server, and can secure FTP connections. SSH port
forwarding allows insecure applications to be secured by SSH authentication.
There are three major types:

* Local Port Forwarding
  * This makes services hosted on the SSH server available to the client.
* Remote Port Forwarding
  * This makes services hosted on the SSH client available to the server.
* Dynamic Port Forwarding
  * This turns the SSH server into a SOCKS5 proxy to route client traffic through.

Local and Remote forwarding are stricter than Dynamic: the ports must be known beforehand.

To make an SSH server service available to the SSH client (Local Port Forwarding), run this:

```sh
ssh -L <client_port>:localhost:<server_port> <user>@<ssh_server>
```

To make a client service available to the SSH server (Remote Port Forwarding), run this:

```sh
ssh -R <server_port>:localhost:<local_port> <user>@<ssh_server>
```

To create a Dynamic Forward (SOCKS5 proxy) tunneled to the server, run this:

```sh
ssh -D 1080 <user>@<ssh_server>
```

## Configuring the server for Port Forwarding

At the bottom of the sshd configuration file `/etc/ssh/sshd_config`, append this:

```
Match User <new_user>
    AllowTcpForwarding yes
    GatewayPorts yes
```

This allows two things for that user. First, TCP forwarding. Second, gateway ports: ports forwarded with `-R` bind to
all interfaces on the server rather than only loopback, so hosts on the larger LAN and WAN can reach them through the
server.
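
Because the `Match` block above enables forwarding without limiting ports or destinations, it is worth checking which scopes in a config end up that permissive. The following is an added example, not part of the original gist: a small auditor that applies each `Match` block's settings over the global ones and flags unrestricted forwarding. The sample config and the account names `tunnel_user` and `backup` are constructed for illustration; `PermitOpen` and `PermitListen` are the standard sshd_config keywords for restricting forward destinations and listeners.

```python
# Added example (not from the gist): flag sshd_config scopes that leave
# port forwarding unrestricted. Assumes whitespace-separated "Keyword value".
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no",
            "permitopen": "any", "permitlisten": "any"}  # OpenSSH defaults

# Constructed sample; tunnel_user and backup are hypothetical accounts.
SAMPLE_CONFIG = """\
AllowTcpForwarding no

Match User tunnel_user
    AllowTcpForwarding yes
    GatewayPorts yes

Match User backup
    AllowTcpForwarding local
    PermitOpen 127.0.0.1:5432
"""

def parse_scopes(text):
    """Split config text into [(scope, {keyword: value})], global scope first."""
    scopes = [("global", {})]
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":
            scopes.append(("Match " + value.strip(), {}))
        else:
            scopes[-1][1].setdefault(key, value.strip().lower())  # first value wins
    return scopes

def audit(text):
    """Return {scope: [findings]} using each scope's settings over the global ones."""
    scopes = parse_scopes(text)
    global_opts = scopes[0][1]
    report = {}
    for name, opts in scopes:
        eff = {**DEFAULTS, **global_opts, **opts}
        fwd, findings = eff["allowtcpforwarding"], []
        if (fwd in ("yes", "all", "remote") and eff["permitlisten"] == "any"
                and eff["gatewayports"] in ("yes", "clientspecified")):
            findings.append("-R listeners can bind non-loopback addresses on any port")
        if fwd in ("yes", "all", "local") and eff["permitopen"] == "any":
            findings.append("-L/-D forwards can reach any host:port")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for scope, findings in audit(SAMPLE_CONFIG).items():
        print(scope, "->", "; ".join(findings))
```

On a live host, `sshd -T -C user=<new_user>` prints the effective settings sshd itself would apply to that user, which is the authoritative check.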