Reversessh: Difference between revisions

From VoIPmonitor.org
No edit summary
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
SSH can be used to create reverse tunnel from your server to any ssh server. On the remote server port 12411 will be tunneled to port 22 on localhost on your server. This way it is possible to ssh to your server even it is not on public IP (behind NAT)  
SSH can be used to create reverse tunnel from your server to any ssh server. On the remote server port 12411 will be tunneled to port 22 on localhost on your server. This way it is possible to ssh to your server even it is not on public IP (behind NAT)  


  ssh customersupport@vm1.voipmonitor.org -o ServerAliveInterval=5 -o ServerAliveCountMax=1 -R12411:localhost:22
  ssh customersupport@vm1.voipmonitor.org -o ServerAliveInterval=15 -o ServerAliveCountMax=10 -o ExitOnForwardFailure=yes -R12411:localhost:22
  password: abc
  password: abc
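
Review bot: The new ssh command adds ExitOnForwardFailure=yes, but the text around it does not tell the reader what that changes: with this option the client exits when remote port 12411 cannot be bound, for example because another session already holds it. Suggest a sentence saying that an immediate exit means the forward failed. It is also worth stating that ServerAliveInterval=15 with ServerAliveCountMax=10 drops a dead link only after about 150 seconds, where the old values of 5 and 1 did so after about 5 seconds.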


Line 24: Line 24:
  chmod 700 /root/.ssh/
  chmod 700 /root/.ssh/
  chmod 600 /root/.ssh/authorized_keys
  chmod 600 /root/.ssh/authorized_keys
Note there is also the forking mode of ssh client, that allows you to open the tunnel on the background -f -N.
ssh -f customersupport@vm1.voipmonitor.org -o ServerAliveInterval=15 -o ServerAliveCountMax=10 -o ExitOnForwardFailure=yes -R15411:localhost:22 -N
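
Review bot: The added background command forwards remote port 15411, while the opening paragraph and the first command on the page use 12411; either use the same port or state that the port number is only an example. The note should also say that -N means no remote command is run and that a tunnel started with -f keeps running until its ssh process is killed, since the page does not say how to close it.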

Latest revision as of 18:31, 14 February 2024

SSH can be used to create a reverse tunnel from your server to any SSH server. Port 12411 on the remote server will be tunneled to port 22 on localhost on your server. This makes it possible to SSH to your server even if it does not have a public IP address (it is behind NAT).

ssh customersupport@vm1.voipmonitor.org -o ServerAliveInterval=15 -o ServerAliveCountMax=10 -o ExitOnForwardFailure=yes -R12411:localhost:22
password: abc

We still need to know a user name and password to get in to your system. Alternatively, you can add our RSA public key so that you do not need to expose the user name and password over an unsecured channel.

Run this command:

echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr5fy1iC0Awwga4v6bVO630wGATbDiWGc6+e+Ho7J8D4yLshEoiTdz1+ttMinldw644EpnWbDMqz0979+SfDufD/3voOzIWBH2wehlmJKoE2Hw2O5thMd4EROCm0BEamNKJ1aPq2vRcb/iDvtU2Gm/qS9VLYlRVhoya+EenJgdjKI3MojkJ6cWRawkfhPJeR+m8BSPQ8tQtqpdHgPB/CXDbzNQyb0EpQCPfN3KVov5bh9kshxZABjBB2SAYMg8x0t+Q3XHT2TC3g6banTNN0zI1Rj6yGxlDWH8syv9omzAax6kAz53AF3llZFWWBLviHMfaR/F3bL0mHKsBnaGIzF2w== voipmonitor" >> /root/.ssh/authorized_keys


NOTE: The above works only if the ssh service is configured to allow root login using RSA public keys stored in /root/.ssh/authorized_keys.

The following options need to be enabled in /etc/ssh/sshd_config (choose either yes or without-password for PermitRootLogin, and restart the ssh service after the change):

PermitRootLogin yes|without-password
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile     %h/.ssh/authorized_keys

If the connection cannot be established, check the secure log (or wherever your sshd is logging to) and set the mode of the directory and file:

grep refuse /var/log/secure | tail
chmod 700 /root/.ssh/
chmod 600 /root/.ssh/authorized_keys
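
The key-install step ("Run this command") and the permission fix above can be combined so that re-running the step does not append the same key twice and the file never exists with loose permissions. The following is an added example, not part of the original page; the function names install_key and check_modes are hypothetical, and the key line is passed in by the caller.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# install_key DIR KEYLINE
# Add KEYLINE to DIR/authorized_keys exactly once, using the modes from the
# troubleshooting step (700 on the directory, 600 on the file).
install_key() {
    dir=$1
    key=$2
    file="$dir/authorized_keys"
    # Shape check only: "<type> <base64> [comment]". This does not verify
    # whose key it is.
    case "$key" in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not a public key line" >&2; return 2 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # Create the file with tight permissions before anything is written.
    ( umask 077; touch "$file" ) && chmod 600 "$file" || return 1
    # -x: whole line, -F: fixed string. Skip the append if already present.
    if grep -qxF -- "$key" "$file"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$file"
}

# check_modes DIR
# Print each permission problem; return 1 if any was found.
check_modes() {
    dir=$1
    rc=0
    # First 10 characters of ls -l are the type and permission bits.
    if [ "$(ls -ld "$dir" 2>/dev/null | cut -c1-10)" != "drwx------" ]; then
        echo "$dir: expected mode 700"
        rc=1
    fi
    if [ "$(ls -l "$dir/authorized_keys" 2>/dev/null | cut -c1-10)" != "-rw-------" ]; then
        echo "$dir/authorized_keys: expected mode 600"
        rc=1
    fi
    return $rc
}

# Usage on the system from this page (key line abbreviated here):
#   install_key /root/.ssh "ssh-rsa AAAA... voipmonitor" && check_modes /root/.ssh
```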

Note that the ssh client also has a forking mode, which lets you open the tunnel in the background: -f -N.

ssh -f customersupport@vm1.voipmonitor.org -o ServerAliveInterval=15 -o ServerAliveCountMax=10 -o ExitOnForwardFailure=yes -R15411:localhost:22 -N