Net::SSH forward not working - ruby

I want to forward a port via Net::SSH like this:
ssh = Net::SSH.start('host', 'user', config: true)
ssh.forward.local(3333, 'localhost', 80)
ssh.loop
which to my understanding translates to the equivalent of:
ssh user#host -L 3333:localhost:80
With the command line version I can send an HTTP request to localhost:3333 and get an answer from localhost:80 on the remote host. With the Ruby version I don't get any answer.
Any ideas why?
Edit:
I tried net-ssh-gateway and it works. Looking at its code, I can't really see what's different there in terms of what it does to establish the connection.

Related

How to proxy net-sftp?

I'm using net-sftp which relies on the net-ssh gem.
I'm trying to connect to a remote log service via SFTP, and it requires IP whitelisting. All my current servers have dynamic IPs.
I'm trying to set up a static, secure, proxy server in Google Cloud. I don't really understand all the differences between all the types of proxying, but net-ssh appears to support...
socks4
socks5
'jump' proxy
I looked into setting up a socks5 proxy with Dante but it appears a bit overkill just to relay the SFTP connection through it, not to mention I think it sends passwords in plain text.
How would I go about proxying net-sftp through some server in the easiest way?
The easiest way would be to setup a Jump-host server that can reach the target servers and then connecting to the target server by letting the Jump-host server proxy your connection through.
SSH makes it trivially easy:
ssh -J user#jump-host myuser#target-host
In your .ssh/config you can do the following:
### First jump-host. Directly reachable
Host jump-host
HostName jum-phost.example.org
### Host to jump to via jump-host.example.org
Host target-host
HostName target-host.example.org
ProxyJump jump-host
This will allow you to use net-ssh as usual. If you dont want to change the config file then you will have to use 'net/ssh/proxy/jump':
require 'net/ssh/proxy/jump'
proxy = Net::SSH::Proxy::Jump.new('user#proxy')
Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
...
end
See this article for more info on Jump Hosts.

VNC viewer failing to make connection with "channel 3: open failed: connect failed: No route to host"

I ssh into a server with the following:
ssh -g -L5912:server:5912 user#host
It goes through, and I can access my files on the other server through the command line (meaning I can connect to the server, it is my vnc viewer that is failing!) but when I try to open my vnc viewer (RealVNC) and connect to localhost:12 i get the following error message in the vnc viewer application:
The connection closed unexpectedly.
Additionally in the original command line shell i get:
channel 3: open failed: connect failed: No route to host
I've tried switching to different ports and even checked out other posts on the same error message but the problem is i don't really understand them... ssh tunnels are still relatively new to me so i don't really know what im doing. Any help would be greatly appreciated. Thanks!
You're trying to setup a port forwarding, this may fail because of many reasons:
SSH port forwarding not enabled in the host
Check SSH server in the host if AllowTcpForwarding is enabled:
$ grep AllowTcpForwarding /etc/ssh/sshd_config
AllowTcpForwarding yes
Typically, it's commented out. Uncomment and restart the sshd.
No connection between the host and server over port 5912
SSH to the host and try:
$ telnet server 5912
Connected to server.
Escape character is '^]'.
Finally, does the server listen on 5912?
Similarly, as above, but from the server - go there and try telnet server 5912.
Best regards,
Jarek
In my case it was the port forwarding rule I had set in Putty.
Please make sure you enter the correct hostname when defining the rule in Putty. I changed
localhost:5903
with
myserver:5903
and it worked...

Multiple Reverse shells using the same public port

I´ve got a Server behind a firewall and the firewall only allows traffic through port 22. This server has both public and private addresses.
I´ve got also about 1K clients that I need to reverse shell to this server, and be able to choose one of them by id when I want that ssh reversed tunnel.
My goal is to make the clients connect to ssh server via port 22, and each one of this connections should be forwarded to localhost on port with the same id.
When I connect to the server with my laptop also via ssh, I would then ssh to localhost on the correct id and get the client shell.
Can someone provide me the good path to achieve this behaviour using bash, ssh and linux tools?
Note - I don´t want to use client.py and server.py cause most of my clients are android based and it could easily become a nightmare to install python on all of them.
The problem - it was solved using remote port forwarding:
ssh -R 21:localhost:8888 user#server
In this command the 8888 represents the terminal id. In order for this to work, had to add this line to my ssh conf:
GatewayPorts yes

How do I pass a blank proxy username/password using curl?

I’m using bash shell on Mac El Capitan. How do I pass a blank username/password for a proxy server using curl? I tried this
localhost:tmp davea$ curl http://www.google.com --proxy localhost:9050 --proxy-user "":""
514 Authentication required.
I’m running a tor daemon on my machine using this command
tor --CookieAuthentication 0 --HashedControlPassword "" --ControlPort 9050 --SocksPort 50001
and I’m able to connect through Telnet without entering a password like so
localhost:tmp davea$ telnet localhost 9050
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
AUTHENTICATE
250 OK
so I know that my password, at least, is correct.
Note that when using curl from the command line, the --proxy option is specifically for use with an HTTP proxy which Tor is not, it's a SOCKS proxy.
To get around this, use what Nehal suggested in the comments to use a SOCKS proxy (you'll probably want to use --socks5-hostname instead so the DNS resolution is also performed over Tor as well, otherwise you leak DNS requests locally).
So your call would look like:
curl http://www.google.com -L --socks5-hostname localhost:50001
Side note: The control port (9050) is only used for communicating commands to the controller. This port is not used to proxy requests at all.

Run MySQL query over multiple SSH tunnels?

I have a situation somewhat similar to "How to create a ssh tunnel in ruby and then connect to mysql server on the remote host."
From my local machine, I want to run a query against a production MySQL database host.
My local machine cannot directly connect to the database host. However, if I SSH to a gateway machine, I can run the MySQL client and connect to the database host.
I'm trying to figure out how to programmatically to run a query from my machine that is forwarded to the gateway machine, which forwards it to the database server, and have results returned. Basically I want to have LOCAL => GATEWAY => DB_HOST forwarding.
I have a hacky solution that runs ssh.exec and MySQL on the command line, shown below, but, I'm trying to find a way that does port forwarding twice.
I tried, but haven't been successful so far.
require 'rubygems'
require 'mysql2'
require 'net/ssh/gateway'
gateway = Net::SSH::Gateway.new(
$gateway_host, $gateway_user,:password => $gateway_pass)
# This works
ssh = gateway.ssh($db_host, $db_login_user)
data = ssh.exec!("mysql -u#{$db_user} -p#{$db_pass} #{$db_name} -e '#{$sql_query}'")
puts "#{data.class} is the class type"
puts data
# Want to do something like this with port forwarding
# client = Mysql2::Client.new(:host => $db_host,
# :username => $db_user,
# :password => $db_pass,
# :database => $db_name,
# :port => port)
# results = client.query($sql_query)
puts "end stuff"
ssh.close
Any suggestions?
Your diagram lays it out fairly well, you would need a tunnel from the Gateway to the Db_Host; and a second tunnel from your local machine to the gateway. The two tunnels would effectively connect your local machine to the db_host by way of the gateway.
Here's a reference specific to tunneling MySQL over SSH

Resources