RIPT 19 – RIPT Client (Linux)

To port forward on Linux, your SSH config file should look something like the following.

RIPT Client 01

Host RIPT*
 AddressFamily inet
 User ript-relay
 Port 22
 IdentityFile /root/.ssh/ript_client
 ServerAliveInterval 10
 LocalForward 11095 127.0.0.1:11095
 LocalForward 11096 127.0.0.1:11096
 LocalForward 11097 127.0.0.1:11097
 LocalForward 11098 127.0.0.1:11098
 
Host RIPT-tunnels-SSH
 HostName <FQDN of RIPT Relay>
 StrictHostKeyChecking yes
 UserKnownHostsFile /root/.ssh/known_hosts

Host RIPT-tunnels-SSL
 HostName localhost
 ProxyCommand /usr/bin/ncat --ssl-verify <FQDN of RIPT Relay> 443
 NoHostAuthenticationForLocalhost yes

RIPT Client 02

Host RIPT*
 AddressFamily inet
 User ript-relay
 Port 22
 IdentityFile /root/.ssh/ript_client
 ServerAliveInterval 10
 LocalForward 12095 127.0.0.1:12095
 LocalForward 12096 127.0.0.1:12096
 LocalForward 12097 127.0.0.1:12097
 LocalForward 12098 127.0.0.1:12098
 
Host RIPT-tunnels-SSH
 HostName <FQDN of RIPT Relay>
 StrictHostKeyChecking yes
 UserKnownHostsFile /root/.ssh/known_hosts

Host RIPT-tunnels-SSL
 HostName localhost
 ProxyCommand /usr/bin/ncat --ssl-verify <FQDN of RIPT Relay> 443
 NoHostAuthenticationForLocalhost yes

Note the local forwards here for use later. The local listening ports are mostly arbitrary, as long as they are not already used by other services. The destination is the RIPT Relay, and the destination ports must correspond with the reverse SSH tunnels created by the RIPT Server.

In this example we are creating the following mappings:

| Service | RIPT Server 01 | RIPT Relay | RIPT Client 01 |
|---|---|---|---|
| SSH | 22 | 11095 | 11095 |
| VNC | 5901 | 11096 | 11096 |
| HTTP Proxy (Squid) | 3128 | 11097 | 11097 |
| SOCKS Proxy | 9999 | 11098 | 11098 |


| Service | RIPT Server 02 | RIPT Relay | RIPT Client 02 |
|---|---|---|---|
| SSH | 22 | 12095 | 12095 |
| VNC | 5901 | 12096 | 12096 |
| HTTP Proxy (Squid) | 3128 | 12097 | 12097 |
| SOCKS Proxy | 9999 | 12098 | 12098 |


This will be repeated for as many RIPT Servers as you have.
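
A pre-flight check for the requirement above that each forward targets a relay port backed by a reverse tunnel and that the local listening ports are not held by other services. This is an added example, not part of the original post or of RIPT itself; the function names are hypothetical, and the sample config and port map are constructed from the values shown above.

```python
import socket

# Constructed sample: RIPT Client 01 forwards and RIPT Server 01 relay ports from the page.
SAMPLE_CONFIG = """\
Host RIPT*
 LocalForward 11095 127.0.0.1:11095
 LocalForward 11096 127.0.0.1:11096
 LocalForward 11097 127.0.0.1:11097
 LocalForward 11098 127.0.0.1:11098
"""
RELAY_PORTS = {11095: "SSH", 11096: "VNC", 11097: "HTTP Proxy (Squid)", 11098: "SOCKS Proxy"}

def parse_local_forwards(config_text):
    """Return (listen_port, dest_port) for each LocalForward line (hypothetical helper)."""
    forwards = []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].lower() == "localforward":
            listen = parts[1].rsplit(":", 1)[-1]  # drop an optional bind address
            forwards.append((int(listen), int(parts[2].rsplit(":", 1)[-1])))
    return forwards

def port_is_free(port, host="127.0.0.1"):
    """True if host:port can be bound, i.e. no other service already holds it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((host, port))
        except OSError:
            return False
    return True

def check_forwards(config_text, relay_ports, is_free=port_is_free):
    """Return a list of problems; an empty list means the forwards match the relay."""
    problems, seen = [], set()
    forwards = parse_local_forwards(config_text)
    for listen, dest in forwards:
        if dest not in relay_ports:
            problems.append(f"local {listen}: relay port {dest} has no reverse tunnel")
        if listen in seen:
            problems.append(f"local {listen}: listed more than once")
        elif not is_free(listen):
            problems.append(f"local {listen}: already in use by another service")
        seen.add(listen)
    for port in sorted(set(relay_ports) - {dest for _, dest in forwards}):
        problems.append(f"{relay_ports[port]}: relay port {port} is not forwarded")
    return problems

if __name__ == "__main__":
    print(check_forwards(SAMPLE_CONFIG, RELAY_PORTS) or "forwards match the relay mapping")
```

Run it before opening the tunnel; once ssh is connected, the listening ports are expected to show as in use.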
