Things to do with SSH

From Wikipedia:

Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client (running SSH server and SSH client programs, respectively).[1] The protocol specification distinguishes two major versions that are referred to as SSH-1 and SSH-2.

Now that we know what SSH is, let me show you some things.

Imagine the following situation:

You are on a promiscuous network and you need to get your mail. The communication with the server is not encrypted, so anyone sniffing network traffic can capture your username/password!

But you have an SSH service running somewhere (your home, a free shell, etc. 😉)

Normally, you provide a user/password. Of course you can use keys too!

# ssh

Note: On a Windows machine, you can use PuTTY/plink. Google for it…

We will encrypt the communication on the local network!

# ssh -L

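Note: A shell will open at your; to avoid that, pass -Nnf together with -L (written as -NnfL, because -L takes an argument and must come last in the group), and ssh will run the session in the background. Remember: # man ssh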


A local tunnel (local forward, parameter “-L”) was created on the local computer at port 2525, using to forward packets to at port 25

Note: You need to be root to bind to a TCP port <1024. In the example I used 2525.

On your computer, try configuring your mail client to get emails from: and port 2525

Hmm, can I do this in reverse? I’m asking because I can only read my mail from my job…

Of course you can! Try changing -L to -R

# ssh -R


A remote tunnel (remote forward, parameter “-R”) was created on the remote computer at port 2525, using YOUR HOST to forward packets to at port 25

To finish: SSH as SOCKS

From Wikipedia:

Practically, a SOCKS server will proxy TCP connections to an arbitrary IP address as well as providing a means for UDP packets to be forwarded.

For this:

# ssh -nNfD


A dynamic tunnel (dynamic forward, parameter “-D”) was created locally at port 1080. All traffic, including the UDP protocol, will be forwarded to

Configure your favorite browser to use a proxy: put and port 1080, select SOCKS and type 5, and then open a website such as and see the IP of your SSH server!
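The three forward types above, written out as complete command lines in an added example (not code from the original post). The hosts user@ssh.example.org and mail.example.org are placeholders, and the 127.0.0.1 bind address and the ExitOnForwardFailure option are choices of this example, not of the post.

```shell
#!/bin/sh
# Build (print, not run) the ssh command for a local, remote or dynamic forward.
# usage: ssh_forward_cmd MODE LISTEN_PORT SSH_SERVER [TARGET_HOST TARGET_PORT]
#   MODE: L (local forward), R (remote forward), D (dynamic / SOCKS)
ssh_forward_cmd() {
    mode=$1 lport=$2 server=$3 thost=${4:-} tport=${5:-}

    # The listen port must be an integer in 1..65535.
    case $lport in ''|*[!0-9]*) echo "bad listen port: $lport" >&2; return 2 ;; esac
    [ "$lport" -ge 1 ] && [ "$lport" -le 65535 ] || { echo "bad listen port: $lport" >&2; return 2; }

    # For -L and -D the listener is local, and binding below 1024 needs root.
    # For -R the listener is on the SSH server, so the local uid does not matter.
    if [ "$mode" != R ] && [ "$lport" -lt 1024 ] && [ "$(id -u)" -ne 0 ]; then
        echo "port $lport is privileged; pick one >= 1024" >&2; return 3
    fi

    case $mode in
        L|R)
            [ -n "$thost" ] && [ -n "$tport" ] || { echo "mode $mode needs TARGET_HOST TARGET_PORT" >&2; return 2; }
            # Forward spec: bind_address:port:host:hostport
            spec="127.0.0.1:$lport:$thost:$tport" ;;
        D)  spec="127.0.0.1:$lport" ;;
        *)  echo "unknown mode: $mode" >&2; return 2 ;;
    esac

    # -N: no remote command, -n: stdin from /dev/null, -f: background after auth.
    # The forward option takes an argument, so it is passed on its own after -Nnf.
    # ExitOnForwardFailure makes ssh exit if the listener cannot be set up.
    printf 'ssh -Nnf -o ExitOnForwardFailure=yes -%s %s %s\n' "$mode" "$spec" "$server"
}

# Constructed sample values (placeholders, not from the post):
ssh_forward_cmd L 2525 user@ssh.example.org mail.example.org 25
ssh_forward_cmd R 2525 user@ssh.example.org mail.example.org 25
ssh_forward_cmd D 1080 user@ssh.example.org
```

Binding the listener to 127.0.0.1 keeps the forwarded port reachable only from the machine that opened it, not from other hosts on the same network.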

Tip: Combine the knowledge acquired here with the article published here: “Stay anonymous and SSH honeypot”

Bypass firewalls, etc.

If you have a tip, please comment and we will add it here. Contribute! Share your knowledge! 🙂

All traffic between the SSH server and the SSH client is encrypted!

Happy hacking !

