- # SSH Reverse Tunnels
- SSH ->
- Local Host (NAT/Firewalled) --> Internet --> Remote Host
- <- Reverse Port Forward
- ## Basic Usage
- 1. Create an ssh key with no passphrase: `ssh-keygen -f ~/.ssh/redir -t rsa -N ''`
- 2. Add `~/.ssh/redir.pub` to the remote host's `~/.ssh/authorized_keys`. If using lower ports, do this for the `root` user.
- 3. Create the tunnel: `ssh -i ~/.ssh/redir -R *:80:localhost:80 root@remotehost`
- 4. Now any traffic on remote host's port 80 will ride ssh back to 127.0.0.1:80 of the Local Host
- 5. If it isn't working, make sure ports are not already in use with `netstat -plant | grep <port>`
- 6. If that doesn't work, check ingress firewall/security group rules for remote host
- ## Daemonized Tunnels
- Here's a basic tunnel that will be daemonized in the background:
- `ssh -i ~/.ssh/redir -fnNT -R *:80:localhost:80 root@remotehost`
- If you want a lot of control over the daemonized tunnel, like checking the status or stopping it on command, you can use a control socket:
- * Start the tunnel: `ssh -i ~/.ssh/redir -M -S my-socket -fnNT -R *:80:localhost:80 root@remotehost`
- * Check the status: `ssh -S my-socket -O check root@remotehost`
- * Close the socket: `ssh -S my-socket -O exit root@remotehost`
- ## Config File Settings
- Add the following to `~/.ssh/config`:
- Host tunnel
-     HostName remotehost
-     IdentityFile ~/.ssh/redir
-     RemoteForward 80 localhost:80
-     User root
- Now you can start your tunnel with `ssh -fnNT tunnel`
- We can also make some aliases to add to `~/.bashrc` or `~/.bash_aliases` (depending on your setup):
- alias tunnel-start='ssh -M -S my-socket -fnNT tunnel'
- alias tunnel-check='ssh -S my-socket -O check root@remotehost'
- alias tunnel-stop='ssh -S my-socket -O exit root@remotehost'
- ## Initialize on Startup
- Let's tie this all together into a small bash script that will run on startup and reconnect if the tunnel is down:
- #!/bin/bash
- # Restart the tunnel whenever no process with exactly this command line exists.
- cmd="ssh -fnNT tunnel"
- while true; do
-     pgrep -fx "$cmd" >/dev/null 2>&1 || $cmd
-     sleep 10
- done
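
The `pgrep` loop above only proves that an ssh process exists, not that the remote port is actually bound or the session still alive. The following variant is an added example, not part of the original paste: it checks the control socket instead and makes ssh fail fast when the forward cannot be set up. The socket path, keepalive timings and function names are assumptions.

```bash
#!/bin/bash
# Added example: watchdog for the "tunnel" Host entry from ~/.ssh/config.
# Assumed values (not in the original paste): socket path, keepalive timings.
SOCKET="${SOCKET:-$HOME/.ssh/tunnel.sock}"   # hypothetical control-socket path
HOST_ALIAS="${HOST_ALIAS:-tunnel}"

# Succeeds only if a live master connection answers on the control socket.
tunnel_check() {
    ssh -S "$SOCKET" -O check "$HOST_ALIAS" >/dev/null 2>&1
}

# Start a background master. ExitOnForwardFailure makes ssh exit non-zero when
# the remote port cannot be bound; the ServerAlive options end a dead session
# after about 30 s; BatchMode prevents an unattended password prompt.
tunnel_start() {
    ssh -M -S "$SOCKET" -fnNT \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=10 \
        -o ServerAliveCountMax=3 \
        -o BatchMode=yes \
        "$HOST_ALIAS"
}

# Ask the master to close the tunnel and exit.
tunnel_stop() {
    ssh -S "$SOCKET" -O exit "$HOST_ALIAS" >/dev/null 2>&1
}

# Start the tunnel only when the check fails; prints up, started or failed.
tunnel_ensure() {
    if tunnel_check; then
        echo "up"
    elif tunnel_start; then
        echo "started"
    else
        echo "failed"
        return 1
    fi
}

# Loop only when invoked as "<script> run", so the functions can be sourced.
if [ "${1:-}" = "run" ]; then
    trap 'tunnel_stop; exit 0' INT TERM
    while true; do
        tunnel_ensure >/dev/null || echo "tunnel down, will retry" >&2
        sleep 10
    done
fi
```

Run it as `./tunnel-watchdog.sh run` (file name is a placeholder) from whatever starts your boot-time jobs.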