
What is Reverse SSH Tunneling? (and how to use it)




Need to SSH to an unreachable Linux computer? Have it call you, and then use that connection to get your own remote SSH session. We show you how.

When to use reverse SSH tunneling

Sometimes remote computers are hard to reach. The site where they are located may have strict firewall rules, or the local administrator may have set complex rules for network address translation. How do you reach such a computer when you need to connect to it?

Let's set up some labels. Your computer is the local computer because it is near you. The computer you are connecting to is the remote computer because it is in a location other than yours.

To distinguish between the local computer used in this article and the remote computer, the remote computer is called "howtogeek" and runs on Ubuntu Linux (with purple terminal windows). The local computer is called "Sulaco" and runs Manjaro Linux (with yellow terminal windows).

Typically, you would start an SSH connection from the local computer and connect to the remote computer. In the network scenario we describe, this is not an option. It really does not matter what the specific network issue is. This technique is useful whenever you cannot SSH directly to a remote computer.

However, if the network configuration on your end is straightforward, the remote computer can connect to you. This alone is not enough for your needs, because it does not give you a working command-line session on the remote computer. But it is a start. You have an established connection between the two computers.

The answer lies in reverse SSH tunneling.

What is reverse SSH tunneling?

Using reverse SSH tunneling, you can use this established connection to set up a new connection from your local computer back to the remote computer.

Since the original connection came from the remote computer to you, using it to go in the other direction is using it "in reverse". And since SSH is secure, you are establishing a secure connection within an existing secure connection. This means that your connection to the remote computer acts as a private tunnel within the original connection.

And so we come to the name "Reverse SSH Tunneling".

How it works

Reverse SSH tunneling relies on the remote computer using the established connection to wait for new connection requests from the local computer.

The remote computer monitors a network port on the local computer. When it detects an SSH request to this port, it forwards that connection request to itself over the established connection. This establishes a new connection between the local computer and the remote computer.

It is easier to set up than it is to describe.

Using SSH Reverse Tunneling

SSH is already installed on your Linux computer, but you may need to start the SSH daemon (sshd) if the local computer has never previously accepted SSH connections.

  sudo systemctl start sshd 


Use this command to start the SSH daemon each time the computer is restarted:

  sudo systemctl enable sshd 


On the remote computer we use the following command:

  • The -R (reverse) option tells ssh that new SSH sessions must be created on the remote computer.
  • "43022:localhost:22" tells ssh that connection requests to port 43022 on the local computer should be forwarded to port 22 on the remote computer. Port 43022 was selected because it is listed as unassigned. It is not a special number.
  • dave@sulaco.local is the user account that the remote computer connects to on the local computer.

  ssh -R 43022:localhost:22 dave@sulaco.local

You may receive a warning that you have never connected to the local computer before, or you might see a warning as the connection details are added to the list of known SSH hosts. What you see, if anything, depends on whether or not there's ever been a connection from the

You are prompted for the password of the account that you use to connect to the local computer.


When the connection is made, the command prompt changes from dave@howtogeek to dave@sulaco.

We are now connected to the local computer from the remote computer. That means we can issue commands to it. Let's use the who command to display the logins on the local computer.

  who 

We can see that the person with the user account called dave has logged in to the local computer, and that the remote computer has connected (with the same user credentials) from the IP address 192.168.4.25.

How to Connect to the Remote Computer

Because the connection from the remote computer succeeded, we can attempt to connect to the remote computer from the local computer. The remote computer monitors port 43022 on the local computer. So to connect to the remote computer, we ask ssh to connect to the local computer on port 43022. This connection request is forwarded to the remote computer.

  ssh localhost -p 43022

We are prompted for the user account password and then connected to the remote computer from the local computer. Our Manjaro computer happily says, "Welcome to Ubuntu 18.04.2 LTS."

Note that the dave@sulaco prompt changed to dave@howtogeek. We've achieved our goal of establishing an SSH connection to our hard-to-reach remote computer.
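What the forwarded port looks like on the local computer while the tunnel is up, as an added example that is not part of the original article: it filters `ss -H -tlnp` output for listening sockets held by sshd on ports other than the daemon's own, and reports whether each one is bound to loopback only. The function names and the sample lines are constructed for illustration, and the 8022 entry is a made-up forward bound to all interfaces.

```shell
#!/bin/sh
# Added example: find TCP listeners that sshd holds for forwarded ports.
# Input: `ss -H -tlnp` output on stdin (run ss as root to see process names).
# $1 is the port sshd itself listens on (default 22); it is skipped.

find_forward_listeners() {
    sshd_port=${1:-22}
    awk -v own="$sshd_port" '
        # Match process names beginning with sshd in the ss process column.
        $1 == "LISTEN" && $0 ~ /"sshd/ {
            addr = $4                          # Local Address:Port column
            n = split(addr, parts, ":")
            port = parts[n]                    # text after the last colon
            if (port == own) next              # the daemon itself, not a forward
            host = substr(addr, 1, length(addr) - length(port) - 1)
            # Loopback: only users on this machine can reach the tunnel.
            # Anything else is reachable from other hosts (sshd GatewayPorts).
            scope = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "EXPOSED"
            print port, host, scope
        }'
}

# Constructed sample of `ss -H -tlnp` output on the local computer (sulaco)
# after the remote computer ran: ssh -R 43022:localhost:22 dave@sulaco.local
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 127.0.0.1:43022 0.0.0.0:* users:(("sshd",pid=2301,fd=9))
LISTEN 0 128 [::1]:43022 [::]:* users:(("sshd",pid=2301,fd=8))
LISTEN 0 128 0.0.0.0:8022 0.0.0.0:* users:(("sshd",pid=2417,fd=9))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=640,fd=7))
EOF
}

# Demo on the constructed sample. Live use: ss -H -tlnp | find_forward_listeners 22
sample_ss_output | find_forward_listeners 22
```

Each output line is the port, the bind address and the scope, so the tunnel from this article shows up as port 43022 on 127.0.0.1 and [::1] with scope loopback.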

Using SSH with Keys

To simplify the connection from the remote computer to the local computer, we can enable SSH keys.

Enter the following command on the remote computer:

  ssh-keygen 


You are prompted for a passphrase. You can press Enter to ignore the passphrase questions. This is not recommended. This would mean that any user on the remote machine can make an SSH connection to your local machine without being prompted for a password.

Three or four words separated by symbols make a robust passphrase.


Your SSH keys are being generated.

We need to transfer the public key to the local computer. Use this command:

  ssh-copy-id dave@sulaco.local 

You are prompted for the password of the user account you are logging in to, in this case dave@sulaco.local.

The first time you send a connection request from the remote computer to the local computer, you must specify the passphrase. You do not need to retype it for future connection requests, as long as this terminal window remains open.


Not all Tunnels Are Scary

Some tunnels can be dark and winding, but reverse SSH tunneling is not too difficult to navigate if you can keep the relationship between the remote computer and the local computer straight in your head. Then reverse it.



