5

I am interested in the exact mechanism that occurs when an SSH tunnel is stablished.

Supposing we have 3 computers: LOCAL host, INTERMEDIATE host, and REMOTE host, with this topology:

Localhost --- INTERNET --- IntermediateHost --- LAN --- RemoteHost

And we want to pen a tunnel to a Web Server running on RemoteHost.

Intermediate and Remote hosts accept SSH connections.

When I execute the following command in the Local machine:

$ ssh -L 2022:remote:80 user@intermediate

Im I right if I assume the following?

  • The SSH client of localhost opens the port 2022 and listens to it (starting to act as a server)
  • In the same time, the SSH client of localhost opens an SSH connection with default port (22) on Intermediate host.
  • In this connection, the client informs the IntermediateHost that it wants to open a tunnel (since the SSH protocol supports it), so now the Intermediate SSH server knows that it has to send the traffic received throught this connection to the RemoteHost, port 80.

So now, a Web Browser running on Localhost connects to localhost:2022 and sends a "GET /" through the socket. The SO takes control and encapsulates this info inside a TCP packet, with destination port 2022, and then this one inside an IP packet, with destination address LOCALHOST, the routing tables of the operating system determine that the packet is meant for the same machine, so it unwraps the TCP packet, reads the destination, and unwraps it, returning the "GET /" to the serverSocket that the SSH client has opened before (on port 2022)

Is this correct? because as far as I know, a tunnel wraps the TCP/IP packet through SSH, but in this scenario, the SSH client doesn't have access to the TCP/IP packet, it only gets the "application level" information: "GET /".

Thank you!

1
  • what do you mean by "The SO"? As for "a tunnel wraps the". No.. Tunneling is smuggling/encapsulating one protocol inside another one, but the encapsulated is encrypted, and this allows the encapsulation to be a potentially untypical combination and flexible. A tunnel is I suppose the connection with tunneling going on. (i'm no fan of the terminology!)
    – barlop
    Commented Mar 12, 2013 at 10:38

1 Answer 1

2

Your understanding of the process is correct.

The "wrapping" or "tunneling" indeed happens at TCP level: the stream coming over the SSH connection is connected to the socket connection in the LAN, and everything that goes forth and back over this also goes over that.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .