I really struggled to understand this and now I’m finally starting to grasp it. Not sure why this blows my mind so much, almost feel like the confusion comes from overthinking it.
I can't believe I still run into great shows on TH-cam which have existed for decades yet I had no idea about their existence.... ... Kudos to entire team.
Greate video. But there is a common mistake that happens in most of the SSH tuitors and make the second sample confusing. The port opened on local host and remote host are the same-5901. So it is hard to understand the exact meaning of the port1:IP:port2.
There are 2 things never discussed that are required: 1) You need to have a publicly accessible server, such as a hosting account with SSH enabled. 2) The ssh server must have GatewayFowardering turned on in the SSH server settings, which may not be possible on some hosting providers.
still not clear on the reverse SSH.. because both the connection looks same.. may be if we can explain with an better example may help with cloud involved
Great example! Maybe it's my Ubuntu 10.10, but it was my experience that the configuration you demonstrated for remote forwarding only allows forwarding from the server "localhost". To configure to allow forwarding of any host on the network connected to the evil server, the /etc/ssh/ssh_config file had to be modified with a line added: GatewayPorts clientspecified and, the host IP had to be specified in the ssh command like so: ssh -R evil-server:8080:localhost:80 user@evil-server
It could be even easier to understand if the ip address / computer names are also written down in the picture. But this video did help me undertand the use of -L, which aonther video had me confused.
can we describe more what is user@host? can it be the public ip address of the host? how do we set the "user" name ? and another thing is the password that you typed when you run the command. How do we set those?
Now if someone connected to that vml server through port 5901 why would it not redirect back to your laptop? Since those two ports appear to be bound together. If You could help me clear that up I would greatly appreciate it.
I still do not understand the SSH port forwardig syntax? Whats up with this 80:localhost:8080? Is there more clearer way to understand this syntax? I mean what the hell ssh developers! XD
As I remember the main clue for remembering port forwarding is to understand that MyPort:RemotePort and this rule/convention almost everywhere applies in all Linux utilities. And let's not forget about the manual :)
@@maratgainutdinov9722 Thankyou for your reply. I read the manual couple of times (skimmed) and now I understand the syntax. I prefer the more explicit version like localhost:80:localhost:80 for source and destination sockets. Thankyou for being kind and patient. (Y) Lets learn something new now. Cheers
I just cannot keep track of where you type the command... It's obviously clear in your all's heads but in theory you can type the command on the laptop or on the server and I can't tell which numbers align with with side of things. I'm trying to get a remote debugger setup for node.js scripts and I just can't seem to get the job done. Insights would be helpful
Darren Hi, Could you pls make a video about chaining the ssh tunnels? for instance when you want to access to machine in a LAN only accessible via jump box.
Darren, i've got a question: I use PuTTY on Windows to use SSH Forwarding, but if i'm using the remote option. If I run apache for Windows on the client (192.168.2.123:80), and forward it to the Linux server, i can only access it on the linux-box (localhost:80), and not outside my network, and i've open the ports of the linux-box. Can you help?
nice one :D But what can I do when I´m using a Wirelles-router and it only shows my network ip ex. 10.0.0.1... Is my WAN important or not ? Please help :(
Guys you make really good videos, but please try to stick to the point and minimize side noise, which you have a ton of, in your videos. No one has enough time to wait through all the unnecessary stuff to get to the actual technical content, they were here for, in the first place.
Yup thats true but not during the time when he is explaining. Its disturbing and annoying. May be they have to rehearse a little more not to talk in between.
8 years later and this is still one of the best resources I've found to understand this concept. Great job !
10*
One of the Finest Resource to learn about Port Forwarding...
I really struggled to understand this and now I’m finally starting to grasp it. Not sure why this blows my mind so much, almost feel like the confusion comes from overthinking it.
I can't believe I still run into great shows on TH-cam which have existed for decades yet I had no idea about their existence.... ... Kudos to entire team.
ikr
Great stuff. All too often you get "how to" specifics or "how it works" abstractly. Thanks for providing both at once.
Thank you! I still send this video to friends who are trying to understand SSH Tunneling. Very well explained. Thank you :)
Love you guys so much ❤ shannon darren digital OGs
Very clear explanation. Thank you!!
lo is not "local", is loopback
Awesome video. Informative, well-produced, well-edited, useful and provides practical information
I'm a fan of your work. keep going
Great job guys. I loved it
Greate video. But there is a common mistake that happens in most of the SSH tuitors and make the second sample confusing. The port opened on local host and remote host are the same-5901. So it is hard to understand the exact meaning of the port1:IP:port2.
There are 2 things never discussed that are required:
1) You need to have a publicly accessible server, such as a hosting account with SSH enabled.
2) The ssh server must have GatewayFowardering turned on in the SSH server settings, which may not be possible on some hosting providers.
still not clear on the reverse SSH.. because both the connection looks same.. may be if we can explain with an better example may help with cloud involved
I allays love staying up till 12 just to watch your guys vids. Any body ells agree?
Great example! Maybe it's my Ubuntu 10.10, but it was my experience that the configuration you demonstrated for remote forwarding only allows forwarding from the server "localhost". To configure to allow forwarding of any host on the network connected to the evil server, the /etc/ssh/ssh_config file had to be modified with a line added:
GatewayPorts clientspecified
and, the host IP had to be specified in the ssh command like so:
ssh -R evil-server:8080:localhost:80 user@evil-server
Cut the Britny Spears cheap pop garbage talk - do the explanation, you can di it really well
Ssh tunneling is awesome
It could be even easier to understand if the ip address / computer names are also written down in the picture. But this video did help me undertand the use of -L, which aonther video had me confused.
can we describe more what is user@host? can it be the public ip address of the host? how do we set the "user" name ? and another thing is the password that you typed when you run the command. How do we set those?
Can this be used as a "manual" way of doing what Metasploit's autoroute does?
Great video ! Thanks !
Now if someone connected to that vml server through port 5901 why would it not redirect back to your laptop? Since those two ports appear to be bound together. If You could help me clear that up I would greatly appreciate it.
Hey folks, nice vid. Am I wrong in saying that the 'localhost' refers to the laptop when it's -L and the server when it's -R?
about 3 weeks ago. helps that we upload super high res too ;)
I still do not understand the SSH port forwardig syntax? Whats up with this 80:localhost:8080?
Is there more clearer way to understand this syntax? I mean what the hell ssh developers! XD
As I remember the main clue for remembering port forwarding is to understand that MyPort:RemotePort and this rule/convention almost everywhere applies in all Linux utilities.
And let's not forget about the manual :)
@@maratgainutdinov9722 Thankyou for your reply. I read the manual couple of times (skimmed) and now I understand the syntax. I prefer the more explicit version like localhost:80:localhost:80 for source and destination sockets. Thankyou for being kind and patient. (Y) Lets learn something new now. Cheers
I just cannot keep track of where you type the command... It's obviously clear in your all's heads but in theory you can type the command on the laptop or on the server and I can't tell which numbers align with with side of things. I'm trying to get a remote debugger setup for node.js scripts and I just can't seem to get the job done. Insights would be helpful
does it mean that GatewayPorts "clientspecified" is port 8080 ?
Any tip o risk of letting some service exposed to certain port in a remote server that it is accessible to everyone on that port?
Very nice explanation but I dont understand something, why is the girl there? IS it the 5318008?
Does it only works with tcp?
You could also use OpenVPN to setup a secure local network between you and your server(s)
Do you have to change some config files for this to work? Probably but you are not saying anything about it.
Is it possiable in win rat ?
Darren Hi,
Could you pls make a video about chaining the ssh tunnels? for instance when you want to access to machine in a LAN only accessible via jump box.
Why is 'Snubs' on Hak5?
Snubs "A firewall, oh no! Just like prison. You can get in, but you can't get out." lol
Does Shannon still here?
she has her own channel now
Subtitles please?
How about if company network administrator has blocked port 22 on company side?
They wont.. because dont know how else to manage the servers...
Have something happend to the quality on TH-cam? This is so good!
thanks for showing that i was wondering local vs remote from the first ssh proxy episode
👍👍
nice job
Darren, i've got a question: I use PuTTY on Windows to use SSH Forwarding, but if i'm using the remote option. If I run apache for Windows on the client (192.168.2.123:80), and forward it to the Linux server, i can only access it on the linux-box (localhost:80), and not outside my network, and i've open the ports of the linux-box. Can you help?
nice one :D
But what can I do when I´m using a Wirelles-router and it only shows my network ip ex. 10.0.0.1...
Is my WAN important or not ?
Please help :(
sshd??? what is tyhe best free service for debian?, sorry newb here
My ISP Blocking All Ports.What to do ??
Sam Rich Get A New ISP xD
But On A Serious Note Get A VPN
Sam Richardson Use ngrok or pagekite. They're astonishingly good at bypassing that kind of nonsense.
Funny Techies.. Keep Posted...:)
ssh://
Unbenounced to him the Log4j vulnerability awaited patiently in the shadows.
explanation of the concept was very good . Could have avoided those unwanted animations .
yes that was awesome...
awesome stuff : )
We all know what that firewall looks like
Very ambiguous. More network details needed like actual network ip addresses.
I love shannon
Install gnome or your WM of choice ;)
Damn girl! You can sing!
Guys you make really good videos, but please try to stick to the point and minimize side noise, which you have a ton of, in your videos. No one has enough time to wait through all the unnecessary stuff to get to the actual technical content, they were here for, in the first place.
Lot of wasting time, not a behaviour or techie.. Long time to get to point, finally got to point and that too hovering a circle.
Let's be adult children.
Dislike, why dont you add some more info on dynamic like you did for rest of two. :(
That girl disturb me much! plz stop talking
Shateel Chowdhury Jealousy gets you no where.
The girl actually make normal people easy to understand tec. things.
Yup thats true but not during the time when he is explaining. Its disturbing and annoying. May be they have to rehearse a little more not to talk in between.
first !!!
Nice video, but the girl is sort of annoying..
confusing stuff, talk a lots
marry me shanon ......plz........plz.....plz