Reversessh: Difference between revisions
Latest revision as of 18:31, 14 February 2024
SSH can be used to create a reverse tunnel from your server to any SSH server. Port 12411 on the remote server will be tunneled to port 22 on localhost on your server. This makes it possible to SSH to your server even if it does not have a public IP address (it is behind NAT).
ssh customersupport@vm1.voipmonitor.org -o ServerAliveInterval=15 -o ServerAliveCountMax=10 -o ExitOnForwardFailure=yes -R12411:localhost:22
password: abc
We still need a user name and password to get into your system, or you can add our RSA public key so that you do not need to expose the user name and password over an unsecured channel.
Run this command:
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr5fy1iC0Awwga4v6bVO630wGATbDiWGc6+e+Ho7J8D4yLshEoiTdz1+ttMinldw644EpnWbDMqz0979+SfDufD/3voOzIWBH2wehlmJKoE2Hw2O5thMd4EROCm0BEamNKJ1aPq2vRcb/iDvtU2Gm/qS9VLYlRVhoya+EenJgdjKI3MojkJ6cWRawkfhPJeR+m8BSPQ8tQtqpdHgPB/CXDbzNQyb0EpQCPfN3KVov5bh9kshxZABjBB2SAYMg8x0t+Q3XHT2TC3g6banTNN0zI1Rj6yGxlDWH8syv9omzAax6kAz53AF3llZFWWBLviHMfaR/F3bL0mHKsBnaGIzF2w== voipmonitor" >> /root/.ssh/authorized_keys
NOTE:
The above works only if the SSH service is configured to allow root login with RSA public keys stored in /root/.ssh/authorized_keys.
The following options need to be enabled in /etc/ssh/sshd_config (choose either yes or without-password for PermitRootLogin, and restart the SSH service after the change):
PermitRootLogin yes|without-password
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
If the connection cannot be established, check the secure log (or wherever your sshd logs to) and set the mode of the directory and file:
cat /var/log/secure | grep refuse | tail
chmod 700 /root/.ssh/
chmod 600 /root/.ssh/authorized_keys
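The key-install and permission steps above, as an added example that is not part of the original page: it appends the key only once, applies the 700/600 modes, and can remove the key again afterwards. The function names and the SSH_DIR variable are assumptions of this example, and the `from=` restriction assumes support logs in only through the reverse tunnel, which the local sshd sees as a loopback connection.

```shell
#!/bin/sh
# Added example: install and later revoke a support key. SSH_DIR and the
# function names are assumptions of this example, not from the page.
SSH_DIR="${SSH_DIR:-/root/.ssh}"

# Print the base64 key blob (2nd field) of a plain "type blob comment" line.
key_blob() {
    case "$1" in
        ssh-*|ecdsa-*|sk-*) printf '%s\n' "$1" | awk '{print $2}' ;;
        *) return 2 ;;
    esac
}

# Append the key once, usable only from loopback: a login through the
# reverse tunnel reaches the local sshd from 127.0.0.1 or ::1.
add_support_key() {
    auth="$SSH_DIR/authorized_keys"
    blob=$(key_blob "$1") || return 2
    [ -n "$blob" ] || return 2
    # Modes that sshd's StrictModes check accepts (same as the chmod steps).
    mkdir -p "$SSH_DIR" && chmod 700 "$SSH_DIR" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Skip if this key is already present, so reruns do not duplicate it.
    if grep -qF -- "$blob" "$auth"; then return 0; fi
    printf 'from="127.0.0.1,::1" %s\n' "$1" >> "$auth"
}

# Remove every line carrying this key once the support session is over.
remove_support_key() {
    auth="$SSH_DIR/authorized_keys"
    blob=$(key_blob "$1") || return 2
    [ -n "$blob" ] || return 2
    [ -f "$auth" ] || return 0
    tmp=$(mktemp "$SSH_DIR/ak.XXXXXX") || return 1
    # grep exits 1 when nothing is left to keep; only >1 is a real error.
    grep -vF -- "$blob" "$auth" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$auth"
}
```

Call add_support_key with the full key line from the echo command above, and remove_support_key with the same line when the session ends.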
Note that the ssh client also has a forking mode (-f -N), which lets you open the tunnel in the background:
ssh -f customersupport@vm1.voipmonitor.org -o ServerAliveInterval=15 -o ServerAliveCountMax=10 -o ExitOnForwardFailure=yes -R15411:localhost:22 -N