Reverse ssh tunnel
To access a local machine behind a firewall, without a public IP, we can use a reverse ssh tunnel - a poor man's VPN.
The steps are the following:
From the machine you want to access (the local machine), create an ssh tunnel to a publicly accessible server (the remote machine), such as pzwart1:
ssh -N -T -R 2222:localhost:22 firstname.lastname@example.org
This command establishes a tunnel with a -R remote entry point between the local machine and the remote machine.
As we'll see later, this lets anything that connects to port 2222 on the server reach "localhost port 22" on the local machine. The other options are:
- -f sends ssh to the background.
- -N saves resources by specifying that you don't actually want to run any remote commands. If all you're creating is a tunnel, include this option.
- -T disables the interactive shell.
To access the local machine from anywhere, all you need to do is log in to the remote, as you normally do:
Once inside the remote, you simply log in to its own localhost, but on port 2222, which will reach "localhost port 22", which is our
ssh -p 2222 username(of local machine)@localhost
Note: port 2222 is an arbitrary number. We could have used any other available port.
Tunnel http traffic
The same strategy used above to tunnel SSH traffic can be used to tunnel HTTP traffic.
Since HTTP traffic runs on port 80, instead of creating a tunnel that attaches to the standard ssh port (22), we attach our chosen port, i.e. 8000, to port 80.
In the local machine run:
ssh email@example.com -R 8000:localhost:80
And now we can visit http://pzwart1.wdka.hro.nl:8000
In other tutorials it is advised to:
1. Add the following line to /etc/ssh/sshd_config (I just added it at the very end) on your remote SSH server to allow remote port forwarding:
2. Save the file and apply the changes with:
sudo restart ssh
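Two checks worth running after bringing a tunnel up, as an added example that is not part of the original tutorial: the first reads the bind address out of an -R spec (sshd binds the forwarded port to loopback when no address is given, unless GatewayPorts is enabled on the remote), the second scans ss -ltn style output on the remote to confirm whether the forwarded port is reachable only from the remote host itself or from the outside. The listing below is constructed sample data, not real output from pzwart1.

```shell
# Parse an ssh -R forward spec ("[bind_address:]port:host:hostport") and
# print the address the remote sshd will listen on.  With no bind address
# sshd uses loopback unless GatewayPorts is enabled, so that case is
# reported as "localhost".  IPv6 literals in the spec are out of scope.
remote_bind_addr() {
    spec="$1"
    n=$(printf '%s' "$spec" | awk -F: '{print NF}')
    case "$n" in
        3) printf 'localhost\n' ;;
        4) printf '%s\n' "${spec%%:*}" ;;
        *) printf 'invalid\n'; return 1 ;;
    esac
}

# Read an `ss -ltn` listing from stdin and report whether a listener on the
# given port is bound to loopback only ("loopback"), to a non-loopback
# address ("exposed"), or is not present at all ("absent").
listener_scope() {
    port="$1"
    awk -v p="$port" '
        $1 == "LISTEN" {
            # Column 4 is Local Address:Port; the port is after the last ":".
            n = split($4, a, ":"); lport = a[n]
            addr = substr($4, 1, length($4) - length(lport) - 1)
            if (lport != p) next
            if (addr == "127.0.0.1" || addr == "[::1]") found = "loopback"
            else { found = "exposed"; exit }
        }
        END { print (found == "" ? "absent" : found) }'
}

# Constructed sample listing, shaped like `ss -ltn` on the remote after the
# two tunnels from the text are up.  Port 2222 is loopback-only; port 8000
# is bound to 0.0.0.0, which is what GatewayPorts yes would produce.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    127.0.0.1:2222      0.0.0.0:*
LISTEN 0      128    0.0.0.0:8000        0.0.0.0:*'

# Example run: "localhost", then "loopback" and "exposed".
remote_bind_addr 2222:localhost:22
printf '%s\n' "$SAMPLE_SS" | listener_scope 2222
printf '%s\n' "$SAMPLE_SS" | listener_scope 8000
```

On a real remote, replace the sample with `ss -ltn | listener_scope 2222` and expect "loopback" unless you deliberately bound the forward to a public address.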