[lug] WRT54GL is snarfing ssh port-forwarded HTTP traffic
Ed Moxley
ed at moxleynet.com
Sat Jun 9 13:45:39 MDT 2012
On 06/09/2012 12:37 PM, Jed S. Baer wrote:
> Hi Folks.
>
> I'm trying to get an ssh tunnel to work, so I can let a few folks connect
> securely to a wiki on my local machine, and I don't have to worry about
> having http or https ports open to the world. My sshd is working fine,
> and I've gotten the tunneling working fine when my test remote machine is
> on the LAN -- I'll call it "A", and the host, my local machine, "B".
>
> BTW, I know my sshd is working, because I use it to connect to machine B
> from work all the time, just ssh-ing to a terminal. I've also made sure
> that sshd-config is set to allow tunnels (probably irrelevant, as I
> think the permittunnel option applies to using the tun device, not
> port-forward type "tunnels").
>
> So I take machine A and connect to a wifi network, to tunnel in to B, as
> follows:
> ssh -L 10101:hostname:80 -p portnum user at hostname
> where portnum is the port sshd is listening on, on host B
>
> and I get logged in fine, I can use the command line, hostname looks
> correct, etc.
>
> When I fire up a web browser to connect to http://localhost:10101/, what
> happens is I get the http auth dialog from the WRT's internal web server.
> If I attempt to use http://localhost:10101/doku/ I get an error page
> showing '400 bad request illegal filename'.
>
> The thing that bugs me about this is if traffic is running encrypted over
> an ssh tunnel, how the heck could the WRT be snarfing up the packets to
> interpose itself?
>
> I've used wireshark to try to see what's happening, and nothing reveals
> itself. I don't see unencrypted http packets outbound from A. If I snoop
> on eth0 and the loopback device on B, there's nothing to see, because
> nothing is getting through. If I snoop on the ethernet device on A I see
> the unencrypted traffic from the WRT.
>
> I turned on logging on the WRT, and it showed no port access at all for
> my ssh port.
>
> The WRT54GL is running the factory software.
> Machine A is LinuxMint11, OpenSSH 5.8
> Machine B is Ubuntu 9.10, OpenSSH 5.1
>
> I was hoping to find a sort of debug option for ssh that says, "do this
> stuff, but use no encryption so I can see what's going on the wire", but
> if that's an option, I can't find it. At any rate, I'm pretty sure
> there's no ssh problems, since it works fine when I run it over the LAN.
>
> Any thoughts?
>
> Thanks,
> jed
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
Try changing
ssh -L 10101:hostname:80 -p portnum user at hostname
to
ssh -R 10101:hostname:80 -p portnum user at hostname
More information about the LUG
mailing list