Difference between revisions of "Ssh reverse tunnel"
From Teknologisk videncenter
m |
m |
||
| Line 1: | Line 1: | ||
| − | To ssh to a | + | To ssh to a Linux server behind a firewall that doesn't allow incoming connections, a reverse ssh tunnel can be created from the server to a known client host. The client host should have a static IP address or a DNS hostname. |
=Remote server= | =Remote server= | ||
| Line 6: | Line 6: | ||
ssh -o TCPKeepAlive=yes -R 9000:localhost:22 heth@93.166.84.21 | ssh -o TCPKeepAlive=yes -R 9000:localhost:22 heth@93.166.84.21 | ||
</source> | </source> | ||
| + | Establishing the reversed tunnel from a scriptfile | ||
| + | <source lang=bash> | ||
| + | #!/usr/bin/bash | ||
| + | # See: https://medium.com/@souri.rv/autossh-for-keeping-ssh-tunnels-alive-5c14207c6ba9 | ||
| + | REMOTE_HOST="192.168.1.84" # "93.166.84.21" | ||
| + | REMOTE_PORT="9000" | ||
| + | REMOTE_USER="heth" | ||
| + | autossh -M 0 -gNC -o "ExitOnForwardFailure=yes" -o "ServerAliveInterval=10" -o "ServerAliveCountMax=3" -R ${REMOTE_PORT}:localhost:22 ${REMOTE_USER}@${REMOTE_USER} | ||
| + | </source> | ||
Revision as of 13:56, 28 June 2025
To ssh to a Linux server behind a firewall that doesn't allow incoming connections, a reverse ssh tunnel can be created from the server to a known client host. The client host should have a static IP address or a DNS hostname.
Remote server
To allow login without password create public/private rsa key pair and
ssh -o TCPKeepAlive=yes -R 9000:localhost:22 heth@93.166.84.21
Establishing the reversed tunnel from a scriptfile
#!/usr/bin/bash
# See: https://medium.com/@souri.rv/autossh-for-keeping-ssh-tunnels-alive-5c14207c6ba9
REMOTE_HOST="192.168.1.84" # "93.166.84.21"
REMOTE_PORT="9000"
REMOTE_USER="heth"
autossh -M 0 -gNC -o "ExitOnForwardFailure=yes" -o "ServerAliveInterval=10" -o "ServerAliveCountMax=3" -R ${REMOTE_PORT}:localhost:22 ${REMOTE_USER}@${REMOTE_USER}