vineklion.blogg.se

SSH tunnel bastion






SSH Proxying is a neat way to bounce via a bastion host to a target within a network. An example of an SSH proxy file is below:

    Host

SSH’ing to  will proxy the connection via the bastion.

Unfortunately, Nessus does not support SSH proxying. This is a problem when scanning remote hosts behind a bastion box, especially when it is not possible to bind or connect to a new port on the bastion box due to firewall rules. Binding a port to localhost and pointing Nessus to 127.0.0.1 is also not an option, as Nessus handles scanning localhost in a different way and will report issues with the scanning box itself.

In a pinch it is possible to hack around this problem by tricking the Nessus scanner into thinking it’s scanning the remote host when it is in fact connecting via a port bound to the localhost.

  • Set up an SSH connection to your ultimate target (using SSH proxy config), binding port 22 on the target to your scanning box.
  • Redirect any SSH traffic destined to the target 203.0.113.11 to the locally bound port.
  • Configure Nessus to not ping the remote host (it’s behind the bastion box, so won’t succeed).
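The tunnel and redirect steps described on this page, as an added example that is not from the original post: the bastion login, target account, local port 2222, control socket path, and the choice of `ssh -J` with an iptables `REDIRECT` rule are assumptions, since the page's own commands did not survive. It only prints the commands unless `DRY_RUN=0` is set, and it includes the teardown so the redirect does not outlive the scan.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed/assumed values:
# bastion host, user name, local port and socket path. TARGET is the page's.
TARGET=${TARGET:-203.0.113.11}
BASTION=${BASTION:-scan@bastion.example.com}   # hypothetical bastion login
SSH_USER=${SSH_USER:-scan}                     # hypothetical account on the target
LPORT=${LPORT:-2222}                           # local port the tunnel binds
CTL=${CTL:-/tmp/nessus-tunnel.sock}            # SSH control socket for clean teardown

# Print the command when DRY_RUN=1 (the default), otherwise execute it.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Accept one dotted-quad IPv4 address only, so the NAT rule can never be
# widened to a range or carry extra iptables arguments.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
  [ $# -eq 4 ] || return 1
  for _o in "$@"; do
    [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
  done
}

tunnel_up() {
  valid_ipv4 "$TARGET" || { echo "refusing target: $TARGET" >&2; return 1; }
  # Step 1: reach the target through the bastion (-J is ProxyJump) and bind
  # the target's port 22 to 127.0.0.1:$LPORT on the scanning box.
  run ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes -J "$BASTION" \
      -L "127.0.0.1:$LPORT:127.0.0.1:22" "$SSH_USER@$TARGET"
  # Step 2: locally generated TCP to TARGET:22 is rewritten to 127.0.0.1:$LPORT,
  # so the scanner is still pointed at the real target address.
  run iptables -t nat -A OUTPUT -p tcp -d "$TARGET" --dport 22 \
      -j REDIRECT --to-ports "$LPORT"
}

# Remove the rule first: while it exists, every local SSH connection to
# TARGET:22 (not only the scanner's) lands on the tunnel.
tunnel_down() {
  run iptables -t nat -D OUTPUT -p tcp -d "$TARGET" --dport 22 \
      -j REDIRECT --to-ports "$LPORT"
  run ssh -S "$CTL" -O exit "$SSH_USER@$TARGET"
}

case "${1:-}" in
  up)   tunnel_up ;;
  down) tunnel_down ;;
esac
```

The third step, telling Nessus not to ping the target, is still done in the scanner itself.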







