Console Redirection

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hello, Cybrarians. Welcome back to
00:00
the Linux plus course here at Cybrary.
00:00
I'm your instructor, Rob Goelz.
00:00
In today's lesson, we're going
00:00
to discuss console redirection.
00:00
Upon the completion of today's lesson,
00:00
you are going to be able to understand
00:00
the purpose of SSH port forwarding and
00:00
explain how that port forwarding can be
00:00
configured to allow for console redirection.
00:00
Console redirection is actually covered by
00:00
SSH port forwarding, so what is it?
00:00
Well, SSH port forwarding
00:00
is really just a way of creating
00:00
a secure connection or a tunnel between two systems.
00:00
It's going to allow you to redirect a connection from
00:00
any network port to Port 22, which is the SSH port.
00:00
It makes it possible for that data to
00:00
flow through an encrypted SSH tunnel.
00:00
There are a few pre-reqs however.
00:00
Each side of the connection
00:00
needs to have OpenSSH installed.
00:00
But we can check that really easy with
00:00
systemctl status sshd.
00:00
Then the port forwarding actually has to be
00:00
enabled in the configuration.
00:00
If you go into the OpenSSH configuration file,
00:00
you're going to want to set AllowTCPForwarding to yes.
00:00
There are four different types of
00:00
SSH port forwarding to know for
00:00
the exam and we'll cover those in this lesson.
00:00
The first type of port forwarding is local.
00:00
This is SSH port forwarding from a local SSH client.
00:00
It is done when you want to access
00:00
a remote resource through an SSH tunnel.
00:00
This is done via the -L for local option,
00:00
>> that's an SSH option that we pass in.
00:00
>> For example, ssh -L local port,
00:00
destination server, remote port, and SSH server.
00:00
We're going to look into this in a little
00:00
more detail with an example here.
00:00
In our example, what we're doing is ssh -L of 1337.
00:00
That's the local port.
00:00
We're going to remote system, someplace.com,
00:00
>> and the remote port over there is port 80.
00:00
>> We're going to be using the
00:00
>> localhost as our SSH server,
00:00
>> so really just ourselves.
00:00
What we're doing here is the SSH
00:00
client gets configured to use
00:00
that port 1337 for local port forwarding.
00:00
The client receives a connection on port 1337
00:00
>> and then authenticates to the localhost,
00:00
>> which is just the local SSH server.
00:00
This is going to allow us to tunnel through to
00:00
someplace.com on localhost port 1337.
00:00
But someplace.com is going to return port 80,
00:00
which we know is HTTP traffic.
00:00
It's going to return that back through
00:00
the localhost 1337 port.
00:00
The result is that if we open a browser on our machine,
00:00
on our localhost, and then go to
00:00
the address localhost 1337,
00:00
the browser then display the website, someplace.com.
00:00
But for our system, it
00:00
looks as though that port 80 traffic
00:00
is coming through port 1337
00:00
because of the tunneling we have configured.
00:00
Now, the next example of port forwarding is what's
00:00
called remote port forwarding,
00:00
and that's when port forwarding starts at
00:00
the remote host as opposed to a local SSH client.
00:00
This is done when you want to give
00:00
access to a local resource,
00:00
or a resource on your local machine,
00:00
>> or your server to a remote host
00:00
>> and you want to set it up through an SSH tunnel.
00:00
This is done using the -R option to SSH.
00:00
So -R for remote and
00:00
the example is ssh -R, remote port,
00:00
the localhost of our local machine,
00:00
the port we're going to open on our localhost,
00:00
and then user@remote-SSH-server.
00:00
We're going to see this in detail as
00:00
well with an example.
00:00
Here in our example, what we're doing is we're
00:00
opening the remote port 1337.
00:00
On the localhost, we're opening port 2049.
00:00
Were putting in user at the remote SSH as our login.
00:00
SSH is used to log in to user@remoteSSH,
00:00
and the remote SSH client opens port 1337.
00:00
From there, the connection is
00:00
initiated back to our local system.
00:00
The tunnel is opened up on the local port
00:00
on our system as 2049.
00:00
That 2049 is the port for NFS.
00:00
Localhost 2049 will return
00:00
back to the remote host on port 1337.
00:00
Then the remote client can mount NFS shares on
00:00
port 1337 through localhost.
00:00
Now, the remote client can access
00:00
NFS resources on a local server
00:00
>> here through that tunnel.
00:00
>> Now, another example of console redirection
00:00
and forwarding is X11 forwarding.
00:00
This is another setting
00:00
>> we can do through SSH forwarding.
00:00
>> It allows you to use a remote GUI component without
00:00
having to connect using a remote desktop environment.
00:00
If we have X11 on both sides,
00:00
we can use this rather than having to spin up VNC,
00:00
no machine, next RDP,
00:00
or SPICE, or any of that kind of stuff.
00:00
We just need to have a local display server running at
00:00
our machine and be running in
00:00
a GUI environment in order to use this.
00:00
Once we have that setup,
00:00
we have display servers on both sides,
00:00
all we have to do is connect to
00:00
>> the server using ssh -X.
00:00
>> Now that we've connected to the server,
00:00
we can launch any GUI program on the remote system,
00:00
on the remote server in SSH.
00:00
For example, we can bring up a browser on
00:00
our machine using Firefox,
00:00
because what it'll do is it'll redirect
00:00
that display back to our system.
00:00
It will display Firefox, the browser,
00:00
>> as if we're running locally on our machine,
00:00
>> because it will be running locally on our machine.
00:00
It will look like it's running locally on our machine.
00:00
It will open a window on
00:00
our machine with Firefox running in it.
00:00
But anything that we do in that web browser session is
00:00
actually put back and run through the remote server.
00:00
It looks as if it's running on our machine,
00:00
but we're actually running commands and operating
00:00
the browser through that remote machine.
00:00
This is very helpful if you have
00:00
a need to use a web browser on a remote resource.
00:00
You can only hit a local web like a Wiki,
00:00
or a SharePoint site, or what have you on that system.
00:00
You can only do it from that local network.
00:00
This is a way that you can get to it and see it in
00:00
a browser without actually having
00:00
to land on that machine with X RDP.
00:00
With that, we'll move on to our very last type
00:00
of console redirection we're going to talk about today,
00:00
and that is VNC forwarding.
00:00
This really just opens a VNC desktop environment
00:00
on a remote server over an encrypted SSH tunnel.
00:00
It works the exact same way
00:00
that local port forwarding does.
00:00
We're just going to use VNC ports.
00:00
For example, if the local VNC port is 5901 and
00:00
the remote desktop is displayed on
00:00
the display 3 VNC port 5903,
00:00
we would set this up using SSH -L, again,
00:00
capital L, for local port 5901 on the localhost,
00:00
and then the remote server is 5903.
00:00
Then we put in our user@remote-server
00:00
>> to connect to that VNC server.
00:00
>> We're all set.
00:00
>> But with that,
00:00
>> we've reached the end of this lesson.
00:00
In this lesson, we covered
00:00
the purpose of console redirection.
00:00
We also talked about how SSH forwarding
00:00
and X11 and VNC can leverage SSH forwarding.
00:00
Thanks so much for being here,
00:00
>> and I look forward to seeing you in the next lesson.
Up Next