Difference between revisions of "Ssh reverse tunnel"
				| m | m | ||
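--- a/Ssh reverse tunnel
+++ b/Ssh reverse tunnel
@@ -10,10 +10,30 @@
 #!/usr/bin/bash
 # See: https://medium.com/@souri.rv/autossh-for-keeping-ssh-tunnels-alive-5c14207c6ba9
-REMOTE_HOST="
+REMOTE_HOST="222.2.2.2"
 REMOTE_PORT="9000"
-REMOTE_USER="
+REMOTE_USER="steve"
 autossh -M 0 -gNC $1 -o "ExitOnForwardFailure=yes" -o "ServerAliveInterval=10" -o "ServerAliveCountMax=3" -R ${REMOTE_PORT}:localhost:22 ${REMOTE_USER}@${REMOTE_USER}
 </source>
+/etc/systemd/system/reversessh.service
+<source lang=bash>
+[Unit]
+Description=Reverse SSH tunnel
+After=network.target
+StartLimitIntervalSec=60
+StartLimitBurst=12
+[Service]
+ExecStart=/bin/bash /home/steve/bin/reversessh.sh
+Type=simple
+User=heth
+Group=heth
+Restart=on-failure
+RestartSec=5
+
+
+[Install]
+WantedBy=default.target
+RequiredBy=network.target
+</source>
 =Links=
 *https://qbee.io/misc/reverse-ssh-tunneling-the-ultimate-guide/
 [[Category:Linux]]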
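Review bot: The `autossh` line still ends in `${REMOTE_USER}@${REMOTE_USER}`, so the `REMOTE_HOST="222.2.2.2"` value filled in by this revision is never read and the connection goes to a host named `steve`; the destination should be `${REMOTE_USER}@${REMOTE_HOST}`. In the added unit, `User=heth` executes `/home/steve/bin/reversessh.sh`, a script in another account's home directory, so anyone able to write that file chooses what runs as heth; keep the script root-owned outside a home directory or make the account and the path agree. `RequiredBy=network.target` makes network.target hard-depend on the tunnel, so stopping or restarting the service would propagate to network.target; dropping that line and keeping `WantedBy=default.target` looks like the intent. `After=network.target` does not wait for connectivity; `Wants=network-online.target` plus `After=network-online.target` is the usual pairing for a unit that dials out.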
Revision as of 06:21, 11 July 2025
To ssh to a Linux server behind a firewall that doesn't allow incoming connections, a reverse ssh tunnel can be created from the server to a known client host. The client host should have a static IP address or a DNS hostname.
Remote server
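To allow login without a password, create a public/private RSA key pair on the remote server and add the public key to the login account's authorized_keys file on the client host, then open the tunnel with the command below. Because that key works without a password prompt, limit what it may do on the client host; OpenSSH's authorized_keys options (for example restrict,port-forwarding) can confine a key to forwarding.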
# Run on the remote server: asks the client host to listen on port 9000 and
# forward each connection back to this machine's sshd on localhost:22.
ssh \
  -o TCPKeepAlive=yes \
  -R 9000:localhost:22 \
  heth@93.166.84.21
Establishing the reverse tunnel from a script file. You will probably need to install autossh.
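#!/usr/bin/bash
# Keep a reverse SSH tunnel open with autossh: port REMOTE_PORT on REMOTE_HOST
# is forwarded back to this machine's sshd (localhost:22).
# Usage: reversessh.sh [extra ssh options]
# See: https://medium.com/@souri.rv/autossh-for-keeping-ssh-tunnels-alive-5c14207c6ba9
REMOTE_HOST="222.2.2.2"
REMOTE_PORT="9000"
REMOTE_USER="steve"

# -M 0 switches off autossh's own monitor port; a dead link is detected by the
# ServerAlive* options instead, and ExitOnForwardFailure makes ssh exit (so
# autossh retries) when the remote listener cannot be set up.
# -N runs no remote command, -C enables compression.
# NOTE(review): -g only governs who may connect to local (-L/-D) forwards. It
# has no effect on the -R listener, whose bind address is decided by
# GatewayPorts on the remote sshd; drop -g unless $1 adds a local forward.
# The destination uses REMOTE_HOST; the earlier ${REMOTE_USER}@${REMOTE_USER}
# left REMOTE_HOST unused and pointed ssh at a host named after the user.
# $1 stays unquoted so that an absent argument disappears and a string holding
# several options still splits into separate words.
# shellcheck disable=SC2086
autossh -M 0 -gNC $1 \
  -o "ExitOnForwardFailure=yes" \
  -o "ServerAliveInterval=10" \
  -o "ServerAliveCountMax=3" \
  -R "${REMOTE_PORT}:localhost:22" \
  "${REMOTE_USER}@${REMOTE_HOST}"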
/etc/systemd/system/reversessh.service
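# Runs the autossh wrapper script as a system service and restarts it when it
# exits with a failure.
[Unit]
Description=Reverse SSH tunnel
# The tunnel dials out, so order it after the network is reported online
# rather than after network.target, which does not wait for connectivity.
Wants=network-online.target
After=network-online.target
# Rate limit: at most 12 starts per 60 seconds, after which systemd stops
# restarting the unit.
# NOTE(review): with RestartSec=5 a tunnel that fails immediately comes close
# to this limit; confirm that giving up is the intended outcome.
StartLimitIntervalSec=60
StartLimitBurst=12

[Service]
# NOTE(review): the script sits under /home/steve but runs as heth. Whoever
# can write that file decides what executes as heth, and heth needs read
# access to the path. Prefer a root-owned script outside a home directory,
# or make the account and the path agree.
ExecStart=/bin/bash /home/steve/bin/reversessh.sh
Type=simple
User=heth
Group=heth
Restart=on-failure
RestartSec=5

[Install]
# RequiredBy=network.target was removed: it made network.target hard-depend on
# this service, so stopping or restarting the tunnel propagated to
# network.target.
WantedBy=default.target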