Wednesday, February 16, 2011

Reverse SSH Tunneling

I have a small auto shop and having Internet access there comes in handy when I need to find auto-related information, order parts or just surf the web and do some email. Until recently, I've used an EVDO modem and got 10x dial-up speeds, but at $65 a month, it just got to be too great an expense for such low speeds. My next-door neighbor came to the rescue and allowed me to share his fiber-optic Internet access via a wireless connection.

But that arrangement came with a downside. Previously, I left the EVDO connection open and could ssh into my work computer (all my systems run Linux). But now I had no access to his router/firewall and when I asked my friendly neighbor about port-forwarding an ssh connection, all I got was a blank stare.

Luckily, Jason from my TWUUG group suggested tunneling over ssh, diagrammed in the image above. This is how it's done.

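On my shop computer, I run the following, where the last argument is the login on my home computer (shown here as a placeholder):

$ ssh -R 2222:localhost:22 user@home-computer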

and then on my home computer, I run:

$ ssh -p 2222 hoyt@localhost

And I have a console window opened to my shop machine.

Jason also suggested "You may want to look at '-f' or '-N' in ssh(1) depending on if you are using certs or not. Take a look at ssh_config(5) for setting up your ~/.ssh/config on a per host basis. This way, you can auto-setup port forwarding, odd port numbers, etc." In other words, it is possible to have the command execute automatically every time I start or re-start the machine at the shop and stay in the background.

The -f tells ssh to go into the background just before it executes the command.

The -N instructs ssh to not execute a command on the remote system.
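As an added example (not from the original post or from Jason), this is one way the shop machine's ~/.ssh/config could hold the tunnel settings so that `ssh -f -N shop-tunnel` sets up the same reverse forward. The alias `shop-tunnel`, the host name, the user and the key path are assumed placeholders; the commented authorized_keys line shows how the home machine can limit that key to the one forwarded port.

```sshconfig
# ~/.ssh/config on the shop machine (all names below are placeholders)
Host shop-tunnel
    HostName home.example.org        # address of the home computer (assumed)
    User user                        # login on the home computer (assumed)
    IdentityFile ~/.ssh/id_tunnel    # dedicated key, used only for this tunnel
    IdentitiesOnly yes               # offer only that key

    # Same as "-R 2222:localhost:22": port 2222 on the home computer
    # is forwarded back to sshd (port 22) on the shop machine.
    # Binding to localhost keeps the listener off the home LAN.
    RemoteForward localhost:2222 localhost:22

    # Exit instead of staying connected when port 2222 cannot be bound,
    # so a failed tunnel is visible to whatever started it.
    ExitOnForwardFailure yes

    # Notice a dead link (wireless drop, router reboot) within about 90 s
    # so the process exits and can be restarted.
    ServerAliveInterval 30
    ServerAliveCountMax 3

# Start in the background with no remote command:
#   ssh -f -N shop-tunnel
#
# Matching entry in ~/.ssh/authorized_keys on the home computer.
# "restrict" turns off pty, agent, X11 and all forwarding; the two
# options after it re-enable only a listener on localhost:2222.
# The key material is a constructed placeholder.
#   restrict,port-forwarding,permitlisten="localhost:2222" ssh-ed25519 AAAA...placeholder shop-tunnel
```

With `-f`, key-based login without a passphrase prompt is needed, since ssh cannot ask for a password once it is in the background at boot.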

Quick-Tip: SSH Tunneling Made Easy
A few examples including using this technique to tunnel past a firewall to use Jabber.

Breaking Firewalls with OpenSSH and PuTTY
A Windows-oriented tutorial.

SSH Port Forwarding (SSH Tunneling)
Additional examples and an ASCII diagram of how it works.

How to make your web browser think it is at Fermilab
Use ssh tunneling to use a remote machine as a proxy.

Reverse SSH Tunneling, Bypassing Firewalls and NAT
Using an intermediate machine to establish a reverse ssh tunnel.

Google is your friend.
