Difference between revisions of "Ssh reverse tunnel"
From Teknologisk videncenter
m |
m |
||
| Line 2: | Line 2: | ||
=Remote server= | =Remote server= | ||
| − | To allow login without password create public/private rsa key pair and | + | To allow login without password create public/private rsa key pair on the client and copy the private key to the .ssh/authorized_keys file an set mod to 600 |
<source lang=bash> | <source lang=bash> | ||
ssh -o TCPKeepAlive=yes -R 9000:localhost:22 heth@93.166.84.21 | ssh -o TCPKeepAlive=yes -R 9000:localhost:22 heth@93.166.84.21 | ||
Latest revision as of 07:25, 11 July 2025
To ssh to a Linux server behind a firewall that doesn't allow incoming connections, a reverse ssh tunnel can be created from the server to a known client host. The client host should have a static IP address or a DNS hostname.
Remote server
To allow login without password create public/private rsa key pair on the client and copy the private key to the .ssh/authorized_keys file an set mod to 600
ssh -o TCPKeepAlive=yes -R 9000:localhost:22 heth@93.166.84.21
Establishing the reversed tunnel from a scriptfile. You probably needs to install autossh.
#!/usr/bin/bash
# See: https://medium.com/@souri.rv/autossh-for-keeping-ssh-tunnels-alive-5c14207c6ba9
REMOTE_HOST="222.2.2.2"
REMOTE_PORT="9000"
REMOTE_USER="steve"
autossh -M 0 -gNC $1 -o "ExitOnForwardFailure=yes" -o "ServerAliveInterval=10" -o "ServerAliveCountMax=3" -R ${REMOTE_PORT}:localhost:22 ${REMOTE_USER}@${REMOTE_USER}
/etc/systemd/system/reversessh.service
[Unit]
Description=Reverse SSH tunnel
After=network.target
StartLimitIntervalSec=60
StartLimitBurst=12
[Service]
ExecStart=/bin/bash /home/steve/bin/reversessh.sh
Type=simple
User=steve
Group=steve
Restart=on-failure
RestartSec=5
[Install]
WantedBy=default.target
RequiredBy=network.target