How to Set Up a Reverse SSH Tunnel on Linux
Reverse SSH is a technique that can be used to access a system (behind a firewall) from the outside.
As we all know, SSH is a network protocol that supports encrypted communication between network nodes. Using this protocol, we can do secure remote login, secure copying from/to remote machines, etc.
We usually do the following to connect securely to a remote server using the ssh command.
$ ssh [your-account-login]@[server-ip]
What is Reverse SSH?
SSH is a very good tool for securely accessing a remote machine or server. However, the problem arises when we try to connect to a remote server that is behind a firewall and this firewall denies any incoming connection or data transfer request without a previous outgoing request. This means that only those connections that are initiated by the remote server machine are allowed. This is a real problem for those who want to access this server machine remotely.
Reverse SSH provides a technique by which we can simulate a normal SSH to this remote server machine.
The main problem is that the firewall is rejecting the ssh connection that our machine is trying to make with the remote server machine. But as we know, the same firewall will not have any problem with the connection originating from the server machine. So, why not ask someone sitting behind the firewall to do something to achieve the goal of remotely accessing the server. For this, we have to use ssh -Rthe ssh option.
Here is the description of the ssh -R option from the man page:
-R [bind_address:]port:host:hostport Specifies that the given port on the remote (server) host is forwarded to the given host and port on the local side. This works by allocating a socket to listen on port on the remote side, and whenever a connection is made to that port, the connection is forwarded over the secure channel and a connection is made from the local machine to host port hostport.
Therefore, we can use -Rthe ssh command with the -p option (in our case from the server) to connect to our machine, assign a port there and ensure that any connection requests on that port are forwarded to the remote server's ssh port.
The server machine does the ssh and port forwarding ensures that you can ssh back to the server machine, not our machine doing the ssh.
How to create a reverse SSH tunnel?
This is the command our friend sitting at the remote server side should run on the server:
$ ssh -fN -R 7000:localhost:22 username@yourMachine-ipaddress
So this ssh connection request from the remote server to your machine will ensure that any ssh connection request to port 7000 on your machine is forwarded to port 22 on the remote server.
Now make an ssh connection request from our machine to our own machine on port 7000:
$ ssh username@localhost -p 7000
Here, although we appear to be executing ssh on localhost, our request will be forwarded to the remote host. Therefore, we should use our account "username" on the remote server and enter the corresponding password when prompted for the password.
This should clear up most aspects related to the reverse ssh technique. However, there is a problem. The problem is that you have to ask a friend of yours - who is sitting behind a firewall - to create an ssh connection first. This is not always possible.
To overcome this, what we can do is to set up a machine that is not restricted by the firewall (like our machine) so that it is always on. Let's call this machine machine_z .
The good thing about machine_z is that we can set up reverse ssh on it once and then leave it like that. At any time, when we need to log into a remote machine, we can ssh into machine_z on the specified port (as shown before), our connection request will be forwarded to the remote server machine, and voila, we will have a command running on the remote server.
On a related note, we can also set up passwordless SSH to connect to another server without entering a password.
Some of the settings we need to configure on machine_z include:
- Make sure the parameters TCPKeepAlive , ClientAliveInterval , ClientAliveCountMax , and GatewayPorts are set to appropriate values. These parameters are located in the /etc/sshd_config or /etc/ssh/sshd_config file.
- If we make some changes in the above parameters, we should restart the sshd daemon to reflect the changes.
- Also, make sure to run the first ssh command (from the remote server to machine_z ) with the nohup command so that this ssh session is not affected by a hang that might occur when the user logs out.
For reprinting, please send an email to 1244347461@qq.com for approval. After obtaining the author's consent, kindly include the source as a link.
Related Articles
Restart PostgreSQL in Ubuntu 18.04
Publish Date:2025/04/09 Views:72 Category:PostgreSQL
-
This short article shows how to restart PostgreSQL in Ubuntu. Restart PostgreSQL Server in Ubuntu You can restart Postgres server in Ubuntu using the following command. Order: sudo service postgres restart Sometimes the above command does n
Issues to note when installing Apache on Linux
Publish Date:2025/04/08 Views:78 Category:OPERATING SYSTEM
-
As the most commonly used web server, Apache can be used in most computer operating systems. As a free and open source Unix-like operating system, Linux and Apache are a golden pair. This article will introduce the installation and use of A
How to decompress x.tar.xz format files under Linux
Publish Date:2025/04/08 Views:186 Category:OPERATING SYSTEM
-
A lot of software found today is in the tar.xz format, which is a lossless data compression file format that uses the LZMA compression algorithm. Like gzip and bzip2, it supports multiple file compression, but the convention is not to compr
Summary of vim common commands
Publish Date:2025/04/08 Views:115 Category:OPERATING SYSTEM
-
In Linux, the best editor should be vim. However, the complex commands behind vim's powerful functions also make us daunted. Of course, these commands do not need to be memorized by rote. As long as you practice using vim more, you can reme
Detailed explanation of command return value $? in Linux
Publish Date:2025/04/08 Views:58 Category:OPERATING SYSTEM
-
? is a special variable. This variable represents the return value of the previous command. That is to say, when we run certain commands, these commands will return a code after running. Generally, if the command is successfully run, the re
Common judgment formulas for Linux script shell
Publish Date:2025/04/08 Views:159 Category:OPERATING SYSTEM
-
In shell script programming, predicates are often used. There are two ways to use predicates, one is to use test, and the other is to use []. Let's take a look at how to use these two methods through two simple examples. Example 1 # test –
Shell script programming practice - specify a directory to delete files
Publish Date:2025/04/08 Views:98 Category:OPERATING SYSTEM
-
Usually, in Linux system we need to frequently delete some temporary files or junk files. If we delete them one by one manually, it will be quite troublesome. I have also been learning shell script programming recently, so I tried to write
Use of Linux command at - set time to execute command only once
Publish Date:2025/04/08 Views:158 Category:OPERATING SYSTEM
-
This article mainly involves a knowledge point, which is the atd service. Similar to this service is the crond service. The functions of these two services can be similar to the two functional functions of javascript. Those who have learned
Use of Linux command crontab - loop execution of set commands
Publish Date:2025/04/08 Views:170 Category:OPERATING SYSTEM
-
Compared with at , which executes a command only once, crontab, which we are going to talk about in this article, executes the set commands in a loop. Similarly, the use of crontab requires the support of the crond service. The service is s
