SSH Tunneling
MITRE ATT&CK™ Protocol Tunneling - Technique T1572
Last updated
Was this helpful?
MITRE ATT&CK™ Protocol Tunneling - Technique T1572
Last updated
Was this helpful?
SSH tunneling, also known as "SSH port forwarding," is a method that uses the secure shell (SSH) protocol to create encrypted tunnels for network connections. SSH tunneling may be used for covert communication and circumventing network security measures.
By using a SSH client with an OpenSSH server, it's possible to create both forward and reverse connections to make SSH tunnels, allowing us to forward ports, and/or create proxies.
Sshuttle uses an SSH connection to create a tunnelled proxy that acts like a new interface. In short, it simulates a VPN, allowing us to route our traffic through the proxy. As it creates a tunnel through SSH, anything we send through the tunnel is also encrypted.
We can create our tunnelled proxy by connecting with schuttle to the compromised host's SSH server.
If you don't know the user's password but have an SSH Key, we may use following command
If you get the error "Failed to flush caches: Unit dbus-org.freedesktop.resolve1.service not found...", you need to flush DNS cache.
Run sshuttle again.