Create a Reverse Ssh Tunnel

Need to skirt around that pesky corporate firewall?

Or host a service while NATed?

What you need is a reverse SSH tunnel and you will be well on your way to confusing your friends trying to tell them what you've done.

Steps

  1. Server: apt-get install openssh-server
  2. Server: ssh-keygen
  3. Client: apt-get install openssh-client
  4. Client: ssh-keygen
  5. Client: ssh-copy-id user@server
  6. Server: Edit /etc/ssh/sshd_config as root.
    • Change '#PasswordAuthentication yes' to 'PasswordAuthentication no'.
    • Add 'GatewayPorts clientspecified' to the end of the file.
  7. Client: Now we create the reverse tunnel with
    ssh -R 10.0.0.111:5555:127.0.0.1:4444 user@10.0.0.111
    • -R makes the tunnel reversed
    • 10.0.0.1 is the ip address of the interface on your server that is facing the Internet
    • 5555  is the servers port to listen on.
    • 4444 is the port to forward to on your client.
  8. Now you can open ports on the server to the Internet and forward them through your tunnel to your client.



Tips

  • You can change the computer that the port is forwarded to by changing the local loop-back address (127.0.0.1) to the ip address of that computer. So, 10.0.0.111:5555:192.168.0.2:4444 would forward port 5555 on 10.0.0.111 to port 4444 on 192.168.0.2
  • Use -nNR when creating the tunnel if you don't need a shell.

Warnings

  • Keep the id_rsa file created by ssh-keygen safe! This is you private key! Give it to no one! id_rsa.pub however, you can give out to anyone.

Things You'll Need

  • Two computers: One that you will be forwarding ports to and the other that you can open to the Internet.
  • These instructions assume both systems are running Ubuntu or a similar distro.
  • Basic knowledge of the command line might help.

Related Articles

Retrieved from "https://kipkis.com/index.php?title=Create_a_Reverse_Ssh_Tunnel&oldid=353065"