Ssh reverse tunnel

From Teknologisk videncenter
Revision as of 07:25, 11 July 2025 by Heth (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

To ssh to a Linux server behind a firewall that doesn't allow incoming connections, a reverse ssh tunnel can be created from the server to a known client host. The client host should have a static IP address or a DNS hostname.

Remote server

To allow login without password create public/private rsa key pair on the client and copy the private key to the .ssh/authorized_keys file an set mod to 600 

ssh -o TCPKeepAlive=yes -R 9000:localhost:22 heth@93.166.84.21

Establishing the reversed tunnel from a scriptfile. You probably needs to install autossh. 

#!/usr/bin/bash
# See: https://medium.com/@souri.rv/autossh-for-keeping-ssh-tunnels-alive-5c14207c6ba9
REMOTE_HOST="222.2.2.2"
REMOTE_PORT="9000"
REMOTE_USER="steve"

autossh -M 0 -gNC $1 -o "ExitOnForwardFailure=yes" -o "ServerAliveInterval=10" -o "ServerAliveCountMax=3" -R ${REMOTE_PORT}:localhost:22 ${REMOTE_USER}@${REMOTE_USER}

/etc/systemd/system/reversessh.service 

[Unit]
Description=Reverse SSH tunnel
After=network.target
StartLimitIntervalSec=60
StartLimitBurst=12


[Service]
ExecStart=/bin/bash /home/steve/bin/reversessh.sh
Type=simple
User=steve
Group=steve
Restart=on-failure
RestartSec=5


[Install]
WantedBy=default.target
RequiredBy=network.target

Links

Retrieved from "http://mars.merhot.dk/w/index.php?title=Ssh_reverse_tunnel&oldid=41652"