Reverse SSH Tunnel: Difference between revisions
Latest revision as of 23:21, 27 November 2018
Without the ability to port forward on a network behind NAT, your server is unreachable from outside. If you cannot allow incoming traffic to certain ports on your network, you can use a reverse tunnel to expose the necessary services through another server elsewhere.
On the proxy server, edit /etc/ssh/sshd_config.
$ sudo nano /etc/ssh/sshd_config
If it doesn't exist already, add the following line:
GatewayPorts clientspecified
Now restart the SSH daemon. Note: on non-Debian/Ubuntu systems, use sudo systemctl restart sshd
$ sudo systemctl restart ssh
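Finally, you can create the tunnel on the client. The format is ssh -N -R :<proxy port>:localhost:<client port> <username>@<proxy ip>, where <proxy port> is the port opened on the proxy server and <client port> is the port of the service on the client.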
$ ssh -N -R :9000:localhost:22 [email protected]
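With GatewayPorts clientspecified, the leading colon in :9000:localhost:22 is an empty bind address, so port 9000 listens on every interface of the proxy and forwards to the client's SSH port. The script below is an added example, not part of the original page: it predicts the bind address for a -R spec under each GatewayPorts value, following ssh(1) and sshd_config(5). The helper names and the sample sshd -T output are constructed, and IPv6 "[addr]" bind addresses are not handled.

```shell
#!/bin/sh
# Added example (not from the original page). exposed_bind and gateway_ports_from
# are hypothetical helper names. IPv6 "[addr]" bind addresses are not handled.

# Print the effective GatewayPorts value from `sshd -T` style output on stdin
# (lowercase "keyword value" lines); sshd's default is "no".
gateway_ports_from() {
    awk 'tolower($1) == "gatewayports" { v = tolower($2) } END { print (v == "" ? "no" : v) }'
}

# Print "<scope> <port>" for a -R spec: scope is loopback, all, or a literal address.
exposed_bind() {
    gateway_ports=$1    # no | yes | clientspecified
    spec=$2             # e.g. ":9000:localhost:22"
    case $spec in
        *:*:*:*:*) return 2 ;;                       # too many fields
        *:*:*:*)   has_bind=1; bind=${spec%%:*}; rest=${spec#*:}; port=${rest%%:*} ;;
        *:*:*)     has_bind=0; bind=; port=${spec%%:*} ;;
        *)         return 2 ;;
    esac
    case $port in ''|*[!0-9]*) return 2 ;; esac      # listen port must be numeric
    case $gateway_ports in
        no)  scope=loopback ;;                       # sshd forces loopback
        yes) scope=all ;;                            # sshd forces the wildcard address
        clientspecified)
            if [ "$has_bind" -eq 0 ]; then
                scope=loopback                       # no bind address given: default
            else
                case $bind in
                    ''|'*')              scope=all ;;       # empty or "*": every interface
                    localhost|127.0.0.1) scope=loopback ;;
                    *)                   scope=$bind ;;     # one specific proxy address
                esac
            fi ;;
        *) return 2 ;;
    esac
    printf '%s %s\n' "$scope" "$port"
}

# Constructed sample of `sshd -T` output from a proxy configured as above.
sample_config='port 22
gatewayports clientspecified
allowtcpforwarding yes'

gp=$(printf '%s\n' "$sample_config" | gateway_ports_from)
for spec in ':9000:localhost:22' 'localhost:9000:localhost:22' '9000:localhost:22'; do
    printf '%-30s -> %s\n' "$spec" "$(exposed_bind "$gp" "$spec")"
done
```

On a real proxy, the output of sudo sshd -T can be piped into gateway_ports_from in place of the constructed sample. A result of "all" means the forwarded service is reachable by anyone who can reach that port on the proxy, so it should be covered by the proxy's firewall rules.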
Creating a persistent tunnel
The command above does not re-establish the tunnel if the connection is lost. To make it a persistent connection, we can use autossh.
sudo apt install autossh
or
sudo yum install autossh
Then, to start it, run:
autossh -M 20110 -N -o ServerAliveInterval=20 -R :9000:localhost:22 [email protected] >/dev/null 2>&1 &