Reverse SSH tunnel

Post by Daniel Wee »

https://blog.devolutions.net/2017/3/wha ... forwarding

Specifically, on the remote machine run:-

ssh -f -N -T -R 2210:localhost:22 username@yourMachine.com -p 7722

*if cutting and pasting this results in errors, just type it out to avoid inclusion of illegal characters

In this case, port 2210 is the tunneling port into the remote machine. Port 7722 is whatever port is being routed to port 22 in the local machine. This defaults to 22 for SSH if not specified. This will then require you to enter the password before logging in. You may be prompted to add the URL if it is the first time so for automation, the URL needs to be in the SSH list already or it might hang.

Once you have the command working, you may want to include it in /etc/rc.local to have it run upon start up.
*UPDATE: It appears that Alpine does not execute the rc.local at startup. What you need to do is to create a file inside of /etc/local.d with a .start extension. That will get run if it has an executable flag so remember to do the chmod +x command.
*UPDATE2: It appears that while we can get a command to be run by appending it to the apps.start file, it gets run before the system is fully up (e.g. date is incorrect). Now exploring appending to /media/mmcblk0p1/start.sh

On the local client, you can then use the tunnel by issuing:-

ssh -p 2210 root@localhost
This will log into the remote machine as "root".
Re: Reverse SSH tunnel

Post by Daniel Wee »

To automate the password, you cannot specify it within the ssh command line for security reasons. The way to achieve automation is by creating a key pair. On the remote machine, run:-

ssh-keygen -t rsa -b 2048
Do not assign any password when prompted until the end, i.e. when it asks for "Enter passphrase", just hit enter. After this, you need to copy the file to the target machine:-

ssh-copy-id -p NNNN user@target
The -p NNNN specifies the port number and needs to precede the user@target parameter. This is only needed if a non-standard port is being used (other than 22). Here "target" would be your URL or IP. This will ask for a password for login and possibly whether you want to add. If so, choose "yes".

Finally, you can log in without password by:-

ssh -p 22223 user@target
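
A non-interactive form of the tunnel for a boot script, together with the matching restriction for the passphrase-less key on the target; this is an added example, not part of the original posts. It assumes OpenSSH on both ends; the key path /root/.ssh/tunnel_key, the function names, the forced command and the retry interval are assumptions.

```shell
#!/bin/sh
# Added example, not from the original posts. Assumes OpenSSH on both ends.
# Ports 2210/22/7722 and the server name are the ones used in the thread.
TUNNEL_PORT=2210                    # listener opened on the SSH server
SERVER_PORT=7722                    # port the server's sshd is reached on
SERVER=username@yourMachine.com
KEY=/root/.ssh/tunnel_key           # assumed path: key used only for the tunnel

# Start the tunnel in the foreground; with DRY_RUN set, print the command.
tunnel() {
    # BatchMode: never prompt for a password or passphrase, fail instead.
    # StrictHostKeyChecking=yes: never prompt to add a host key; the server's
    #   key must already be in known_hosts, otherwise the connection fails.
    # ExitOnForwardFailure: exit if port 2210 cannot be bound on the server.
    # ServerAlive*: notice a dead link after about 90 seconds and exit.
    # The explicit "localhost:" bind keeps the listener on the loopback only.
    set -- ssh -N -T -i "$KEY" -o IdentitiesOnly=yes \
        -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "localhost:${TUNNEL_PORT}:localhost:22" \
        -p "$SERVER_PORT" "$SERVER"
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Build the authorized_keys line for the server account. "restrict" turns off
# PTY, agent, X11 and all forwarding for this key; "port-forwarding" plus
# "permitlisten" re-enable only the one reverse listener the tunnel needs, and
# the forced command stops the key from running anything else.
# (restrict needs OpenSSH 7.2+, permitlisten 7.8+.)
authorized_keys_entry() {           # $1 = contents of the tunnel key's .pub file
    printf 'command="/bin/false",restrict,port-forwarding,permitlisten="localhost:%s" %s\n' \
        "$TUNNEL_PORT" "$1"
}

# Retry loop for a boot script: the first attempts may fail while the network
# or clock is not ready, so keep trying instead of giving up.
keep_tunnel() {
    while :; do
        tunnel || true
        sleep 15
    done
}

# "sh tunnel.sh run" starts the loop; sourcing the file only defines functions.
if [ "${1:-}" = run ]; then keep_tunnel; fi
```

The line printed by authorized_keys_entry replaces the unrestricted entry that ssh-copy-id appends to ~/.ssh/authorized_keys on the target.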