Ssh reverse tunnel

From Teknologisk videncenter
Latest revision as of 07:11, 23 January 2026

To SSH to a Linux server behind a firewall that does not allow incoming connections, a reverse SSH tunnel can be created from that server out to a known client host. The client host needs a static IP address or a DNS hostname, and its sshd must be reachable from the server. In the following, "remote server" is the machine behind the firewall (it opens the tunnel) and "local machine" is the client host you later ssh from.

Remote server

To allow login without a password, create an RSA (or Ed25519) key pair with ssh-keygen on the remote server and append the public key (the .pub file) to ~/.ssh/authorized_keys on the client host; the private key stays on the remote server. Set mode 600 on authorized_keys and 700 on ~/.ssh, otherwise sshd ignores the file. Because this key is stored without a passphrase and used unattended, restrict it in authorized_keys to port forwarding only (the restrict,port-forwarding options), so that a stolen key does not also give a shell on the client host.

ssh -o TCPKeepAlive=yes -R 9000:localhost:22 heth@93.166.84.21

Here heth@93.166.84.21 is the account on the client host. sshd there binds port 9000 on its loopback address (127.0.0.1) and forwards every connection to it back through the tunnel to port 22 on the remote server. The port stays loopback-only unless GatewayPorts is enabled in the client host's sshd_config, and loopback-only is what you want: the tunnel should be reachable from the client host itself, not from the whole Internet.
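The two steps above (key pair on the remote server, public key in authorized_keys on the client host) are where the security of the setup is decided, so here is an added example, not part of the original page, that does them with a locked-down key and then audits the client host's authorized_keys for keys that are not locked down. The key file name ~/.ssh/reverse_tunnel, the port 9000, the ed25519 key type and the constructed key data in the comments are this example's own assumptions; the restrict option needs OpenSSH 7.2 or newer and permitlisten needs 7.8 or newer on the client host.

```bash
#!/bin/bash
# Added example, not from the original page: lock down the key the remote
# server uses to open the reverse tunnel, and audit the client host's
# authorized_keys for keys that are not locked down.
# Assumptions (this example's own, not the page's): key file name
# ~/.ssh/reverse_tunnel, tunnel port 9000, and sshd from OpenSSH 7.8 or newer
# on the client host ("restrict" needs 7.2, "permitlisten" needs 7.8).
set -u

TUNNEL_PORT="${TUNNEL_PORT:-9000}"

# Run on the remote server (the machine behind the firewall). A dedicated key
# without passphrase so the tunnel can start unattended; only the .pub file is
# ever copied to the client host.
generate_tunnel_key() {
    local keyfile="${1:-$HOME/.ssh/reverse_tunnel}"
    ssh-keygen -t ed25519 -N '' -C "reverse-tunnel@$(hostname)" -f "$keyfile"
}

# Turn one public key line into an authorized_keys entry that can do nothing
# but open the tunnel: "restrict" switches off pty, commands, agent and X11
# forwarding and all port forwarding, "port-forwarding" re-enables only that,
# and "permitlisten" limits -R to localhost:TUNNEL_PORT on the client host.
restrict_tunnel_key() {
    local pubkey="$1" keytype keydata comment
    read -r keytype keydata comment <<<"$pubkey"
    case "$keytype" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|sk-*@openssh.com) ;;
        *) echo "restrict_tunnel_key: not a public key line: $pubkey" >&2; return 1 ;;
    esac
    [ -n "$keydata" ] || { echo "restrict_tunnel_key: missing key data" >&2; return 1; }
    printf 'restrict,port-forwarding,permitlisten="localhost:%s" %s %s%s\n' \
        "$TUNNEL_PORT" "$keytype" "$keydata" "${comment:+ $comment}"
}

# Audit an authorized_keys file on the client host. Any key whose options do
# not include "restrict" gives its holder a shell and arbitrary forwards, which
# is more than a tunnel key (stored unattended on the remote server) should have.
# Prints one line per key: RESTRICTED|UNRESTRICTED|MALFORMED, key type, comment.
audit_authorized_keys() {
    local file="$1" line opts keytype comment
    local keyre='^(.*[[:space:]])?(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp[0-9]+|sk-[^[:space:]]+)[[:space:]]+[A-Za-z0-9+/=]+[[:space:]]*(.*)$'
    local restrictre='(^|,)restrict(,|[[:space:]])'
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        if [[ "$line" =~ $keyre ]]; then
            opts="${BASH_REMATCH[1]}" keytype="${BASH_REMATCH[2]}" comment="${BASH_REMATCH[3]}"
            if [[ "$opts" =~ $restrictre ]]; then
                printf 'RESTRICTED\t%s\t%s\n' "$keytype" "$comment"
            else
                printf 'UNRESTRICTED\t%s\t%s\n' "$keytype" "$comment"
            fi
        else
            printf 'MALFORMED\t-\t%s\n' "$line"
        fi
    done <"$file"
}

# Number of keys in FILE that are not restricted (0 is what you want on a
# client host whose only job is to terminate tunnels).
count_unrestricted() {
    audit_authorized_keys "$1" | awk -F'\t' '$1 == "UNRESTRICTED" { n++ } END { print n + 0 }'
}

# Command-line use (script name tunnelkey.sh is an assumption):
#   tunnelkey.sh keygen [FILE]                                          on the remote server
#   tunnelkey.sh restrict "$(cat FILE.pub)" >> ~/.ssh/authorized_keys   on the client host
#   tunnelkey.sh audit [~/.ssh/authorized_keys]                         on the client host
case "${1:-}" in
    keygen)   generate_tunnel_key "${2:-}" ;;
    restrict) restrict_tunnel_key "${2:-}" ;;
    audit)    audit_authorized_keys "${2:-$HOME/.ssh/authorized_keys}" ;;
esac
```

The audit is deliberately simple: it looks at the options field in front of the key type and only asks whether restrict is among the options, so a key with a command= option but no restrict is still reported as unrestricted, which is correct, since command= alone does not stop port forwarding.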

Establishing the reverse tunnel from a script file. You will probably need to install autossh, which restarts ssh whenever the connection drops.

#!/usr/bin/bash
# See: https://medium.com/@souri.rv/autossh-for-keeping-ssh-tunnels-alive-5c14207c6ba9
REMOTE_HOST="222.2.2.2"   # client host with the fixed address
REMOTE_PORT="9000"        # port the tunnel listens on there (loopback only)
REMOTE_USER="steve"
# Retry even if the first attempt fails (e.g. started before the network is up).
export AUTOSSH_GATETIME=0
# -M 0: no autossh monitor port; the ServerAlive options let ssh detect a dead
# link and exit, after which autossh reconnects. ExitOnForwardFailure makes ssh
# exit (and reconnect) instead of staying up without the tunnel when port 9000
# is already taken. Extra arguments to this script (e.g. -v) are passed on to ssh.
autossh -M 0 -gNC "$@" -o "ExitOnForwardFailure=yes" -o "ServerAliveInterval=10" \
    -o "ServerAliveCountMax=3" -R "${REMOTE_PORT}:localhost:22" "${REMOTE_USER}@${REMOTE_HOST}"

Save the following as /etc/systemd/system/reversessh.service, then run systemctl daemon-reload and systemctl enable --now reversessh.service; systemctl status reversessh.service shows whether the tunnel is up. Note that RequiredBy=network.target does not belong in [Install]: it would make network.target depend on the tunnel, which is the wrong way round.

[Unit]
Description=Reverse SSH tunnel
# wait for a usable network, not just for the network stack to be configured
After=network-online.target
Wants=network-online.target
# allow up to 12 restarts per minute before systemd gives up on the unit
StartLimitIntervalSec=60
StartLimitBurst=12

[Service]
ExecStart=/bin/bash /home/steve/bin/reversessh.sh
Type=simple
User=steve
Group=steve
# always bring the tunnel back, whatever the exit status of autossh was
Restart=always
RestartSec=5

[Install]
WantedBy=default.target

local machine

On the local machine (the client host you want to ssh from) create ~/bin/sshremote with the following content and make it executable. Use it as, for example: sshremote mars chris

#!/bin/bash
# Connect through a reverse tunnel that terminates on this host.
# Usage: sshremote <name> <user>   e.g.  sshremote mars chris

declare -A hosts

# name of the remote machine (a label used only by this script) maps to the
# port its reverse tunnel listens on, on localhost of this machine
hosts["mars"]=9999
hosts["mbus1"]=9998
hosts["mars2"]=9997
hosts["dhdc"]=9996

host="$1"
user="$2"
ip="localhost"

# refuse unknown names instead of running ssh with an empty port
if [ $# -ne 2 ] || [ -z "$host" ] || [ -z "${hosts[$host]+set}" ]; then
    echo "usage: $(basename "$0") <$(echo "${!hosts[@]}" | tr ' ' '|')> <user>" >&2
    exit 1
fi

# the tunnel port is bound to the loopback address only, so this connection
# never leaves this machine; sshd on the remote server answers at the far end
ssh -p "${hosts[$host]}" "${user}@${ip}"
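Before running sshremote it is useful to know which of the tunnels in the table are actually up. The following script, an added example that is not part of the original page, reuses the page's host-to-port table and checks which of those ports have a listener on the loopback address of this machine, using the output of ss(8). The ss column layout and the rule "a loopback listener on the port means the tunnel is up" are this example's own assumptions: some other process bound to that port would also count as UP.

```bash
#!/bin/bash
# Added example, not from the original page: on the client host, report which
# reverse tunnels are currently established by checking which of the table's
# ports have a TCP listener on a loopback address. Host names and ports are
# the ones from the page's sshremote table; everything else is assumed here.

declare -A hosts
hosts["mars"]=9999
hosts["mbus1"]=9998
hosts["mars2"]=9997
hosts["dhdc"]=9996

# Read "ss -ltnH" style lines from stdin and print the port of every TCP
# listener bound to a loopback address, one per line. Column 4 of ss output
# is "Local Address:Port"; both 127.0.0.1:PORT and [::1]:PORT are handled.
# A tunnel opened with -R PORT:... and default GatewayPorts shows up this way.
loopback_listen_ports() {
    awk '{
        addr = $4
        if (addr ~ /^127\.[0-9.]+:[0-9]+$/ || addr ~ /^\[::1\]:[0-9]+$/) {
            n = split(addr, parts, ":")
            print parts[n]
        }
    }'
}

# Print "<name> <port> UP|DOWN" for every tunnel in the table, given the
# listener list on stdin; sorted by name so the output is stable.
tunnel_status() {
    local listening=" $(loopback_listen_ports | tr '\n' ' ') " name
    for name in $(printf '%s\n' "${!hosts[@]}" | LC_ALL=C sort); do
        if [[ "$listening" == *" ${hosts[$name]} "* ]]; then
            printf '%s %s UP\n' "$name" "${hosts[$name]}"
        else
            printf '%s %s DOWN\n' "$name" "${hosts[$name]}"
        fi
    done
}

# Number of tunnels that are up, for scripting or alerting.
tunnels_up() {
    tunnel_status | awk '$3 == "UP" { n++ } END { print n + 0 }'
}

# Command-line use on the client host:  tunnelstatus.sh live
# (script name is an assumption; without an argument nothing is run)
case "${1:-}" in
    live) ss -ltnH | tunnel_status ;;
esac
```

Because the checks read ss output from stdin, the same functions can be pointed at a saved copy of ss output from another machine, which is handy when debugging a tunnel over a slow link.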

Links