Linux Secure Shell (SSH) V : Reverse SSH Tunnel (remote port forwarding)
Want to SSH into a Linux box that sits behind NAT?
We can do it with reverse SSH tunneling!
This chapter will show how to set up reverse SSH tunneling step by step.
Picture credit: How does reverse SSH tunneling work?
"When we create a tunnel, we specify an address and port on which it will answer, and an address and port to which it will be delivered. The -L option tells the tunnel to answer on the local side of the tunnel (the host running our client). The -R option tells the tunnel to answer on the remote side (the SSH server)."
"To be able to SSH from the Internet into a machine behind a firewall, we need the machine in question to open an SSH connection to the outside world and include a -R tunnel whose 'entry' point is the 'remote' side of his connection."
From How does reverse SSH tunneling work?
Here are additional diagrams from the same source explaining both of the cases (-L and -R):
Here is the diagram used for our sample:
Suppose our destination is a Linux box behind NAT that we want to reach from a source machine. In other words, we're in a situation like this: Destination <- |NAT/Firewall| <- Source.
On the shell of the firewalled host (the destination), connect to the source host, called remotehost here:
$ ssh -R 9001:localhost:22 remotehost
This tells our client to establish a tunnel with a -R (remote) entry point. Anything that attaches to port 9001 on the far end of the tunnel will actually reach localhost port 22, where localhost is from the perspective of the exit point of the tunnel (i.e. our ssh client).
Now, on the source host (remotehost), we can SSH to the destination through the tunnel:
$ ssh localhost -p 9001
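The -R listener set up above opens port 9001 on remotehost, and which interfaces it answers on is decided by that host's sshd_config (GatewayPorts and AllowTcpForwarding). The script below is an added example, not part of the original page: it reads a constructed sample config and reports how the forwarded port would be treated. The function names `first_value` and `audit_reverse_tunnel` are hypothetical, and only the global section of the file is evaluated.

```shell
#!/bin/sh
# Added example: how would this relay's sshd treat "-R 9001:localhost:22"?
# Assumptions: only the global section is read (parsing stops at the first
# Match block); sshd uses the FIRST value it finds for a keyword.

# first_value KEYWORD DEFAULT FILE -> effective global value, lowercased
first_value() {
    awk -v key="$1" -v def="$2" '
        { sub(/#.*/, "") }                        # strip comments
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == tolower(key) && !seen { val = tolower($2); seen = 1 }
        END { print (seen ? val : def) }
    ' "$3"
}

# audit_reverse_tunnel FILE -> one verdict line for the forwarded port
audit_reverse_tunnel() {
    fwd=$(first_value AllowTcpForwarding yes "$1")
    gw=$(first_value GatewayPorts no "$1")
    case "$fwd" in
        no|local) echo "blocked: AllowTcpForwarding=$fwd refuses -R"; return 0 ;;
    esac
    case "$gw" in
        no)              echo "loopback-only: port answers on the relay's localhost only" ;;
        yes)             echo "exposed: port answers on every relay interface" ;;
        clientspecified) echo "client-chosen: the -R bind address decides" ;;
        *)               echo "unknown: GatewayPorts=$gw" ;;
    esac
}

# Constructed sample config for the relay (remotehost), not from the page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
gatewayports yes      # first occurrence wins, keywords are case-insensitive
GatewayPorts no
Match User backup
    AllowTcpForwarding no   # per-user override, not evaluated here
EOF
audit_reverse_tunnel "$sample"
rm -f "$sample"
```

The `ssh localhost -p 9001` step above needs only the loopback-only case, so an "exposed" verdict means the tunnel into the firewalled host is reachable by more machines than the procedure requires.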