BlackPropaganda · July 15, 2023 23:25
diff --git a/SSH_port_forwarding.txt b/SSH_port_forwarding.txt
 SSH Port forwarding is a very useful pivoting technique and security feature. It allows a server to route traffic 
 from clients to local resources such as web sites hosted on a server, or securing FTP connections. SSH port forwarding 
 allows insecure applications to be secured by SSH authentication.

 There are three major types:
 * Local Port forwarding
  * This makes services hosted on the SSH server to be available to the client.
 * Remote Port Forwarding
  * This makes services hosted on the SSH client available to the Server.
 * Dynamic Port Forwarding
  * This turns the SSH server into a Socks5 Proxy to route client traffic through.
  
 Both Local and Remote are more strict relative to Dynamic. The ports must be known beforehand.

 To make a SSH server service available to the SSH client (Local Port Forwarding), run this:

  ssh -L <client_port>:localhost:<server_port> <user>@<ssh_server>

 To make a client service available to the SSH server, run this:

  ssh -R <server_port>:localhost:<local_port> <user>@<ssh_server>

 To create a Dynamic Forward (Socks5 proxy) tunneled to the Server, run this:

  ssh -D 1080 <user>@<ssh_server>

 ## Configuring the server for Port Forwarding

 At the bottom of the SSHD configuration file /etc/ssh/sshd_config append this:

  Match User <new_user>
       AllowTcpForwarding yes
       GatewayPorts yes

 This allows for two things. First, TCP forwarding. Second, Gateway Ports. This means that the server can route
 traffic through a gateway to the larger LAN and WAN.
	SSH Port forwarding is a very useful pivoting technique and security feature. It allows a server to route traffic
	from clients to local resources such as web sites hosted on a server, or securing FTP connections. SSH port forwarding
	allows insecure applications to be secured by SSH authentication.

	There are three major types:
	* Local Port forwarding
	* This makes services hosted on the SSH server to be available to the client.
	* Remote Port Forwarding
	* This makes services hosted on the SSH client available to the Server.
	* Dynamic Port Forwarding
	* This turns the SSH server into a Socks5 Proxy to route client traffic through.

	Both Local and Remote are more strict relative to Dynamic. The ports must be known beforehand.

	To make a SSH server service available to the SSH client (Local Port Forwarding), run this:

	ssh -L <client_port>:localhost:<server_port> <user>@<ssh_server>

	To make a client service available to the SSH server, run this:

	ssh -R <server_port>:localhost:<local_port> <user>@<ssh_server>

	To create a Dynamic Forward (Socks5 proxy) tunneled to the Server, run this:

	ssh -D 1080 <user>@<ssh_server>

	## Configuring the server for Port Forwarding

	At the bottom of the SSHD configuration file /etc/ssh/sshd_config append this:

	Match User <new_user>
	AllowTcpForwarding yes
	GatewayPorts yes

	This allows for two things. First, TCP forwarding. Second, Gateway Ports. This means that the server can route
	traffic through a gateway to the larger LAN and WAN.