Reverse SSH Tunnel: Difference between revisions

From Bibliotheca Anonoma
Latest revision as of 23:21, 27 November 2018

Without the ability to forward ports into a network behind a NAT, your server is useless. If you cannot allow incoming traffic to certain ports into your network, you can use a reverse tunnel to expose the necessary services through another server elsewhere.

On the proxy server, edit /etc/ssh/sshd_config.

$ sudo nano /etc/ssh/sshd_config

If it doesn't exist already, add the following line:

GatewayPorts clientspecified

Now restart the SSH daemon. Note: on non-Debian/Ubuntu systems, use sudo systemctl restart sshd

$ sudo systemctl restart ssh

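Finally, you can create the tunnel on the client. The format is ssh -N -R :<local port>:localhost:<remote port> <username>@<remote ip>, where <local port> is the port opened on the proxy server and <remote port> is the port of the service on the client. The empty bind address before the first colon makes the proxy listen on all of its interfaces, which GatewayPorts clientspecified permits, so the forwarded service is reachable by anyone who can reach that port on the proxy.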

$ ssh -N -R :9000:localhost:22 <username>@<remote ip>
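To check what the steps above actually expose, the following added example (not part of the original page) works out which address the proxy's sshd binds for a given -R argument, using the rules documented in ssh(1) and sshd_config(5). The function names gateway_ports and listen_scope and the sample configuration are constructed for illustration; IPv6 bind addresses in brackets are not handled.

```shell
#!/bin/sh
# Constructed sample sshd_config text, not taken from a real host.
SAMPLE_CONFIG='# proxy server config (constructed)
PermitRootLogin no
GatewayPorts clientspecified
Match User backup
    GatewayPorts no'

# Print the global GatewayPorts value from sshd_config text on stdin.
# sshd keeps the first value it reads for a keyword; the default is "no".
gateway_ports() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "match" { exit }          # global section ends at the first Match
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    '
}

# Print where a remote forward ends up listening on the proxy.
#   $1 = GatewayPorts value, $2 = the -R argument, e.g. ":9000:localhost:22"
listen_scope() {
    gp=$1 spec=$2
    fields=$(printf '%s' "$spec" | awk -F: '{ print NF }')
    if [ "$fields" -eq 4 ]; then
        bind=${spec%%:*}; explicit=1             # text before the first colon
    else
        bind=; explicit=0                        # "port:host:hostport", no bind address
    fi
    case $gp in
        yes) echo "all-interfaces" ;;            # server forces the wildcard address
        no)  echo "loopback" ;;                  # server forces loopback only
        clientspecified)
            if [ "$explicit" -eq 0 ]; then echo "loopback"
            elif [ -z "$bind" ] || [ "$bind" = "*" ]; then echo "all-interfaces"
            else echo "$bind"
            fi ;;
        *) echo "unknown" ;;
    esac
}

current=$(printf '%s\n' "$SAMPLE_CONFIG" | gateway_ports)
for spec in ":9000:localhost:22" "9000:localhost:22" "127.0.0.1:9000:localhost:22"; do
    echo "GatewayPorts=$current  -R $spec  ->  $(listen_scope "$current" "$spec")"
done
```

With GatewayPorts clientspecified, dropping the leading colon or giving 127.0.0.1 as the bind address keeps the forwarded port reachable only from the proxy itself.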

Creating a persistent tunnel

The command above does not re-establish the tunnel if the connection is lost. To make it a persistent connection, we can use autossh.

sudo apt install autossh

or

sudo yum install autossh

Then, to start it run:

autossh -M 20110 -N -o ServerAliveInterval=20 -R :9000:localhost:22 <username>@<remote ip> >/dev/null 2>&1 &

Resources