Skip to main content

Reverse SSH Tunneling


I have a small auto shop and having Internet access there comes in handy when I need to find auto-related information, order parts or just surf the web and do some email. Until recently, I've used a EVDO modem and got 10x dial-up speeds, but at $65 a month, it just got to be too great an expense for such low speeds. My next-door neighbor came to the rescue and allowed me to share his fiber-optic Internet access via a wireless connection.

But that arrangement came with a downside. Previously, I left the EVDO connection open and could ssh into my work computer (all my systems run Linux). But now I had no access to his router/firewall and when I asked my friendly neighbor about port-forwarding an ssh connection, all I got was a blank stare.

Luckily, Jason from my TWUUG group suggested tunneling over ssh, diagrammed in the image above. This is how it's done.

On my shop computer, I run:

$ ssh -R 2222:localhost:22 hoyt@home.ip.net

and then on my home computer, I run:

$ ssh -p 2222 hoyt@localhost

And I have a console window opened to my shop machine.

Jason also suggested "You may want to look at '-f' or '-N' in ssh(1) depending on if you are using certs or not. Take a look at ssh_config(5) for setting up your ~/.ssh/config on a per host basis. This way, you can auto-setup port forwarding, odd port numbers, etc." In other words, it is possible to have the command execute automatically every time I start or re-start the machine at the shop and stay in the background.

The -f tells ssh to go into the background just before it executes the command.

The -N instructs ssh to not execute a command on the remote system.

REFERENCES

Quick-Tip: SSH Tunneling Made Easy
A few examples including using this technique to tunnel past a firewall to use Jabber.

Breaking Firewalls with OpenSSH and PuTTY
A Windows-oriented tutorial.

SSH Port Forwarding (SSH Tunneling)
Additional examples and an ASCII diagram of how it works.

How to make your web browser think it is at Fermilab
Use ssh tunneling to use a remote machine as a proxy.

Reverse SSH Tunneling, Bypassing Firewalls and NAT
using an intermediate machine to establish a reverse ssh tunnel.

Google is your friend.

Comments

Post a Comment

Popular posts from this blog

DOS4GW.EXE Version 2.01a and Alternative DOS Extenders

DOS4GW.EXE The Tenberry DOS extender DOS4GW.EXE was used by many early DOS games. I still enjoy playing many of these games and DOS4GW.EXE is usable with DOSBox , so they can be played on Linux. However, the version of DOS4GW.EXE that was included with the game was whatever was current at the time. The most recent version that includes many bugfixes that possibly affected the games when used with DOSBox have been fixed in the latest version, 2.01a. It's not free at US$49, but you can downloaded it here . Simply substitute it for whatever version of DOS4GW.EXE your game provided and enjoy the bug-fixed goodness. Tenberry also makes a "high-performance" "pro" version of DOS4GW.EXE, but it costs $300. I think that they could sell quite a few of these to hobby users (since, you know, DOS is dead) for US$5. Open Souce to the Rescue There are better performing, free and Open Source alternatives available and worth a look. DPMI Explained Let's unders...
1 comment
Read more

Return to Castle Wolfenstein for Modern Linux

Return to Castle Wolfenstein is a first-person shooter originally released on November 19, 2001. The game, like many other classic games, is available at GOG.com and costs only US$5.99. iortcw for Linux Don't bother with old and crusty Linux binaries offered by idsoft; they are problematic and it's painful to use them on a modern Linux. Fortunately for us, there are more modern GPL-licensed Linux binaries available for 32- and 64-bit systems as well as high resolution textures packages. The project at GitHub provides source code that can also be compiled for MS Windows using MinGW. iortcw for Windows and Mac You can download pre-compiled binaries for 32- and 64-bit Linux, MS Windows and Mac from here . Let's put our files in /usr/local/games/rtcw . As root, extract the downloaded .ZIP file for your architecture to  /usr/local/games/rtcw . All we are missing are the game data files. I purchased them from GOG.com. The game installer downloaded from GOG.com can be ...
1 comment
Read more

Unpack those .EXE game files from GOG.com (Plus other un-packers)

I just came upon innoextract today. I have many of the wonderful games from GOG.com, some of which have native Linux Clients. Before now, I've had to use PlayOnLinux or Crossover to install these for use with WINE, then add the Linux client. InnoSetup as a way to create an installer to install the games on Windows.  Daniel Scharrer has created innoextract to allow the unpacking of those archives on a non-Windows platform. The website provides information on using innoextract , but this information from the page is very useful: GOG.com Installers GOG.com installers with a 2.x.x version number on the download page or in the filename use InnoSetup 5.5.0 and cannot be extracted by innoextract 1.2 and older. Older installers use InnoSetup 5.2.3 and usually have no version in the filename. Some GOG.com multi-part installers with version 2.1.x or higher use RAR archives (renamed to .bin) to store the game data. These files are not part of the InnoSetup installer and require...
1 comment
Read more