Reverse ssh tunnel: Difference between revisions
Andre Castro (talk | contribs) (Created page with " To access a local machine, behind a firewall, without a public IP, we can use a reserve ssh tunnel - a poor man's VPN. The steps are the following: '''From the machine you...") |
Andre Castro (talk | contribs) |
Latest revision as of 15:57, 25 October 2017
To access a local machine that sits behind a firewall and has no public IP, we can use a reverse SSH tunnel, a poor man's VPN.
The steps are the following:
From the machine you want to access (local machine), create an ssh tunnel to a publicly accessible server (remote machine), like pzwart1:
ssh -N -T -R 2222:localhost:22 username@pzwart1.wdka.hro.nl
This command establishes a tunnel with a -R remote entry point between the local machine and the remote machine.
As we'll see later, this lets anything that connects to port 2222 on the server reach "localhost port 22" on the local machine. The other options are:
- -f send ssh to background
- -N saves resources by specifying that you don't actually want to run any remote commands. If all you're creating is a tunnel, include this option.
- -T disables pseudo-terminal allocation, so no interactive shell is opened.
To access the local machine from anywhere, all you need to do is log in to the remote, as you normally do:
ssh username@pzwart1.wdka.hro.nl
Once inside the remote, you simply log in to its own localhost, but on port 2222, which will reach "localhost port 22", which is our
ssh -p 2222 username(of local machine)@localhost
Note: port 2222 is an arbitrary number. We could have used any other available port.
Tunnel http traffic
The same strategy used above to tunnel SSH traffic can be used to tunnel HTTP traffic.
Since HTTP traffic runs on port 80, instead of creating a tunnel attached to the standard SSH port (22), we attach our chosen port, e.g. 8000, to port 80.
On the local machine run:
ssh user@pzwart1.wdka.hro.nl -R 8000:localhost:80
And now we can visit http://pzwart1.wdka.hro.nl:8000
Issues
Although the browser, on visiting http://pzwart1.wdka.hro.nl:8000, gets to http://192.168.73.220/index.php?title=Main_Page, it ends with Alert!: Unable to connect to remote host.
In other tutorials it is advised to:
1. Add the following line to /etc/ssh/sshd_config (I just added it at the very end) on your remote SSH server to allow remote port forwarding:
GatewayPorts yes
2. Save the file and apply the changes with:
sudo restart ssh
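
What the GatewayPorts change above does to both tunnels on this page, as an added example that is not part of the original page: it reads an sshd_config and reports which address the server-side listener of each -R forward binds to. The function names and sample configs are constructed for illustration; it assumes whitespace-separated "Keyword value" lines and no IPv6 bind addresses.

```shell
#!/bin/sh
# Added example: which address does the server-side listener of `ssh -R SPEC` bind to?
# Assumptions: "Keyword value" lines separated by whitespace, no IPv6 bind addresses.

# Print the global GatewayPorts value from sshd_config text on stdin.
# sshd keeps the first value it reads for a keyword; the default is "no".
gateway_ports() {
    awk 'tolower($1) == "match" { exit }   # global section ends at the first Match
         tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }'
}

# bind_of SETTING SPEC: print "loopback", "all interfaces" or the requested address.
bind_of() {
    setting=$1 spec=$2
    case $spec in
        *:*:*:*) has_bind=1 requested=${spec%%:*} ;;   # bind_address:port:host:hostport
        *)       has_bind=0 requested= ;;              # port:host:hostport
    esac
    case $setting in
        yes) echo "all interfaces" ;;                  # server overrides the client
        clientspecified)
            if [ "$has_bind" -eq 0 ] || [ "$requested" = localhost ]; then
                echo loopback
            elif [ -z "$requested" ] || [ "$requested" = "*" ]; then
                echo "all interfaces"
            else
                echo "$requested"
            fi ;;
        *) echo loopback ;;                            # "no": bind_address is ignored
    esac
}

# Constructed sample configs (not taken from pzwart1).
DEFAULT_CFG='#GatewayPorts no
PermitRootLogin no'
TUTORIAL_CFG='PermitRootLogin no
GatewayPorts yes'
SCOPED_CFG='GatewayPorts clientspecified'

for cfg in "$DEFAULT_CFG" "$TUTORIAL_CFG" "$SCOPED_CFG"; do
    gp=$(printf '%s\n' "$cfg" | gateway_ports)
    for spec in 2222:localhost:22 8000:localhost:80 '*:8000:localhost:80'; do
        printf 'GatewayPorts %-15s -R %-20s -> %s\n' "$gp" "$spec" "$(bind_of "$gp" "$spec")"
    done
done
```

With GatewayPorts yes the 2222 forward is bound to all interfaces too, so the local machine's SSH port becomes reachable by anyone who can reach the server. GatewayPorts clientspecified keeps that forward on loopback while -R '*:8000:localhost:80' publishes only the web port.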