LazySSH

Do SSH Efficiently.......


Project maintained by m2sup3rn0va Hosted on GitHub Pages — Theme by mattgraham

Owner : 🧛🏻‍♂️ - Mr. Sup3rN0va 06-February-2021

Tags : #ssh (💻), #pentesting (👨🏼‍💻), #tools (⚒), #cheatsheet (📜)




SSH with Config


  • Pre-requisites

    sudo apt-get update; sudo apt-get upgrade -y; sudo apt-get install build-essential linux-headers-`uname -r` -y
    sudo apt-get install sshfs -y
    pip3 install -U pip paramiko --user --no-warn-script-location
    
  • Steps:
    • Create crypto-keys : ssh-keygen -t rsa
    • This will generate the crypto-keys and save them in the $HOME/.ssh/ folder
    • Now transfer your public key to the remote server so that you can SSH without a password
    • For that : ssh-copy-id -i $HOME/.ssh/id_rsa.pub user@10.0.0.1
    • Now create the config file on your machine in $HOME/.ssh folder as
    Host b0x
      Hostname 10.0.0.1
      User user
      Port 22
      Compression yes
      IdentityFile ~/.ssh/id_rsa
      ForwardX11 yes
      Protocol 2
      StrictHostKeyChecking no
    
    • Change the permissions of the file : chmod 600 $HOME/.ssh/config
  • Now you can do ssh b0x and you are in without password : EASY EASY 😋



Local, Remote and Dynamic Port Forwarding


  • This is required when you have to access services on a VM that listen only on its local ports, which you cannot reach directly
  • Port forwarding helps you to access such otherwise unreachable services
  • Open the config created above and add these lines

    Host b0x
      LocalForward 31337 127.0.0.1:31337
      RemoteForward 8000 127.0.0.1:8000
    
  • Here the format is
    • Local Port Forwarding : <LocalForward> <LocalIP>:<LocalPort> <RemoteIP>:<RemotePort>
    • RemoteForward : <RemoteForward> <RemoteIP>:<RemotePort> <LocalIP>:<LocalPort>
  • Notice that the entries above start with the port only, because by default the IP is taken as 127.0.0.1
  • Now to only port-forward : ssh -f -N b0x
  • If you want both an SSH session and the port-forwards, then : ssh b0x
  • If you want to do this directly then : ssh -f -N -L 31337:127.0.0.1:31337 <SSH_Server>
    • -f : tells SSH to go to the background
    • -N : tells SSH not to execute a remote command. Only used at the time of port-forwarding
    • -L : tells SSH that we are doing local port forwarding
  • For Remote Port Forwarding : ssh -f -N -R <REMOTE_IP>:<REMOTE_PORT>:<LOCAL_IP>:<LOCAL_PORT> <SSH_SERVER>
  • For Dynamic Port Forwarding : ssh -D 8123 -f -C -q -N via_host
    • This is also called a SOCKS proxy
    • -D : tells SSH that you are doing Dynamic Port Forwarding
    • -f : tells SSH to go to the background
    • -C : tells SSH to compress data before sending
    • -q : enables quiet mode
    • -N : tells SSH not to execute a remote command. Only used at the time of port-forwarding
  • To add Dynamic Port Forwarding in config file, add this line : DynamicForward 8080
  • Reference:


Mount Remote Drives using SSHFS


  • This is one of the best features I came across, which assists us in mounting a remote drive via an SSH tunnel
  • From pre-requisites, we have already installed paramiko and sshfs
  • I have created scripts which will help us mount remote drives via SSH
  • SSH-Mount : SSH-Mount
  • SSH-Umount : SSH-Umount
  • Reference:

NOTE: Both the mount points are in $HOME directories



Sample Config File

  Host b0x
    Hostname 10.0.0.1
    User user
    Port 22
    Compression yes
    IdentityFile ~/.ssh/id_rsa
    ForwardX11 yes
    Protocol 2
    StrictHostKeyChecking no
    LocalForward 31337 127.0.0.1:31337 # ---- Only if necessary
    RemoteForward 8000 127.0.0.1:8000 # ---- Only if necessary
    DynamicForward 8080 # ---- Only if necessary

NOTE : Please remove everything including and after # ----
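
The sample config turns on StrictHostKeyChecking no, ForwardX11 yes and several forwards, all of which change what the client trusts or exposes. The script below is an added example, not part of the original cheatsheet or the author's SSH-Mount scripts: a POSIX shell function that reads an ssh_config file and reports those settings per Host block. The names audit_ssh_config and sample_config, the lab host and the host|option|reason output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report risky client options
# per Host block of an ssh_config file, as "host|option|reason" lines.

# Constructed sample, modelled on the page's config; the "lab" host is made up.
sample_config() {
  cat <<'EOF'
Host b0x
  Hostname 10.0.0.1
  IdentityFile ~/.ssh/id_rsa
  ForwardX11 yes
  StrictHostKeyChecking no
  LocalForward 31337 127.0.0.1:31337
  DynamicForward 8080 # ---- Only if necessary
Host lab
  Hostname 10.0.0.2
  StrictHostKeyChecking=accept-new
  DynamicForward *:8080
EOF
}

# $1: config file path (reads stdin when omitted).
audit_ssh_config() {
  awk '
    function flag(why) { print host "|" kw "|" why }
    BEGIN { host = "*" }                  # options before any Host line are global
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      sub(/[ \t]+#.*$/, "", line)         # drop a trailing "# ----" style note
      if (line == "" || line ~ /^#/) next
      if (!match(line, /[ \t=]/)) next    # keyword with no value
      kw = substr(line, 1, RSTART - 1); key = tolower(kw)
      val = substr(line, RSTART); sub(/^[ \t]*=?[ \t]*/, "", val)
      if (key == "host") { host = val; next }
      if (key == "stricthostkeychecking" && tolower(val) ~ /^(no|off)$/)
        flag("new and changed host keys are accepted without a prompt")
      if (key == "forwardx11" && tolower(val) == "yes")
        flag("the remote side can reach the local X11 display")
      if (key ~ /^(local|remote|dynamic)forward$/) {
        split(val, part, /[ \t]+/)        # part[1] is [bind_address:]port
        if (part[1] ~ /^(\*|0\.0\.0\.0|\[::\])?:[0-9]+$/)
          flag("listener requested on all interfaces, not only loopback")
      }
    }
  ' "${1:--}"
}

sample_config | audit_ssh_config
```

Run it against your own file with audit_ssh_config $HOME/.ssh/config; forwards that give only a port, as in the page's config, are not reported because they stay on loopback by default.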