I am interested in the exact mechanism that occurs when an SSH tunnel is established.
Supposing we have 3 computers: LOCAL host, INTERMEDIATE host, and REMOTE host, with this topology:
Localhost --- INTERNET --- IntermediateHost --- LAN --- RemoteHost
And we want to open a tunnel to a Web Server running on RemoteHost.
Intermediate and Remote hosts accept SSH connections.
When I execute the following command on the Local machine:
$ ssh -L 2022:remote:80 user@intermediate
Am I right if I assume the following?
- The SSH client of localhost opens the port 2022 and listens to it (starting to act as a server)
- At the same time, the SSH client of localhost opens an SSH connection with default port (22) on Intermediate host.
- In this connection, the client informs the IntermediateHost that it wants to open a tunnel (since the SSH protocol supports it), so now the Intermediate SSH server knows that it has to send the traffic received through this connection to the RemoteHost, port 80.
So now, a Web Browser running on Localhost connects to localhost:2022 and sends a "GET /" through the socket. The OS takes control and encapsulates this info inside a TCP packet, with destination port 2022, and then this one inside an IP packet, with destination address LOCALHOST. The routing tables of the operating system determine that the packet is meant for the same machine, so it unwraps the TCP packet, reads the destination, and unwraps it, returning the "GET /" to the serverSocket that the SSH client has opened before (on port 2022).
Is this correct? Because as far as I know, a tunnel wraps the TCP/IP packet through SSH, but in this scenario, the SSH client doesn't have access to the TCP/IP packet, it only gets the "application level" information: "GET /".
Thank you!
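
The messages behind a -L forward, as an added example that is not part of the original post: it builds and parses the RFC 4254 "direct-tcpip" channel-open request and a channel-data message for the command above. Channel number 0, originator port 51514 and the request bytes are constructed sample values; on the wire these payloads travel inside encrypted SSH packets on the single connection to intermediate:22.

```python
import struct

SSH_MSG_CHANNEL_OPEN = 90  # RFC 4254, section 5.1
SSH_MSG_CHANNEL_DATA = 94  # RFC 4254, section 5.2

def ssh_string(raw: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(raw)) + raw

def read_string(buf: bytes, off: int):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def open_direct_tcpip(chan, host, port, orig_ip, orig_port,
                      window=2 ** 21, max_packet=32768):
    """Client -> server: ask sshd to connect to host:port on our behalf."""
    return (bytes([SSH_MSG_CHANNEL_OPEN]) + ssh_string(b"direct-tcpip")
            + struct.pack(">III", chan, window, max_packet)
            + ssh_string(host.encode()) + struct.pack(">I", port)
            + ssh_string(orig_ip.encode()) + struct.pack(">I", orig_port))

def parse_open(payload: bytes) -> dict:
    if payload[0] != SSH_MSG_CHANNEL_OPEN:
        raise ValueError("not SSH_MSG_CHANNEL_OPEN")
    ctype, off = read_string(payload, 1)
    chan, window, max_packet = struct.unpack_from(">III", payload, off)
    host, off = read_string(payload, off + 12)
    (port,) = struct.unpack_from(">I", payload, off)
    orig_ip, off = read_string(payload, off + 4)
    (orig_port,) = struct.unpack_from(">I", payload, off)
    return {"type": ctype.decode(), "channel": chan,
            "target": (host.decode(), port),
            "originator": (orig_ip.decode(), orig_port)}

def channel_data(recipient_chan: int, data: bytes) -> bytes:
    """Either direction: raw stream bytes for one channel, no TCP/IP headers."""
    return (bytes([SSH_MSG_CHANNEL_DATA]) + struct.pack(">I", recipient_chan)
            + ssh_string(data))

def parse_data(payload: bytes):
    if payload[0] != SSH_MSG_CHANNEL_DATA:
        raise ValueError("not SSH_MSG_CHANNEL_DATA")
    (chan,) = struct.unpack_from(">I", payload, 1)
    data, _ = read_string(payload, 5)
    return chan, data

# Constructed sample: bytes the client read from its socket on 127.0.0.1:2022.
REQUEST = b"GET / HTTP/1.1\r\nHost: localhost:2022\r\n\r\n"
OPEN_MSG = open_direct_tcpip(0, "remote", 80, "127.0.0.1", 51514)
DATA_MSG = channel_data(0, REQUEST)
```

The data message is the request bytes plus 9 bytes of SSH channel framing; the server side of the channel writes those bytes to its own TCP connection to remote:80.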