Reverse SSH Tunnel

From Bibliotheca Anonoma
Revision as of 23:21, 27 November 2018 by Amersel (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Without the ability to port forward a network under a NAT, your server is useless. In the case that you are incapable of allowing incoming traffic to certain ports into your network, you can use a reverse tunnel to give tunnel necessary services through another server elsewhere.

On the proxy server, edit /etc/ssh/sshd_config.

$ sudo nano /etc/ssh/sshd_config

If it doesn't exist already, add the following line:

GatewayPorts clientspecified

Now restart the SSH daemon. Note: non Debian/Ubuntu systems use sudo systemctl restart sshd

$ sudo systemctl restart ssh

Finally, you can create the tunnel on the client. The format is ssh -N -R :<local port>:localhost:<remote port> <username>@<remote ip>

$ ssh -N -R :9000:localhost:22 [email protected]

Creating a persistent tunnel

Using the command above does not keep the connection alive if the connection is lost. To make it a persistent connection, we can use autossh.

sudo apt install autossh

or

sudo yum install autossh

Then, to start it run:

autossh -M 20110 -o ServerAliveInterval=20 -R :9000:localhost:22 [email protected] & >/dev/null 2>&1

Resources