SSH Reverse Tunnel
What do we do when we want to access a node located behind a firewall, or inside a LAN behind a router? Reaching it directly is next to impossible. We could set up port forwarding on the router so that our packets are forwarded to the target node, but that requires being the system administrator of the LAN (or asking them to do it for us).
However, if the target node is able to contact us from inside the LAN, we can still reach it without disturbing our lovely system administrator. A tunnel between our node and the target node will do the job. In this case the tunnel is initiated by the target node, which is why it is known as a reverse tunnel.
Using ssh, you can set this up easily. The command has the following form:
# ssh -fNR [bind_address:]port:host:hostport [user@]hostname
As an example, we want to access the target node (which refers to itself as localhost in the command) from our node (www.example.com). The port we want to reach on the target is port 22, and it will be accessible on our node at port 2222.
# ssh -fNR 2222:localhost:22 www.example.com
After that you are prompted for the password as usual. After a successful login the command returns, but ssh stays running in the background (that is what -f does; -N means no remote command is executed, only the forwarding).
To access the target node, connect to the forwarded port (2222) on our node. So, if we want to ssh into the target machine (since we forwarded its ssh port), we run this command on our node:
# ssh localhost -p 2222
Then we are able to access the node inside the LAN. The same works for other ports as well. Cheers!
snazzy, thank you
Genius!
I always assumed something like this was possible but never got around to finding this out. I’ll certainly be giving it a go!
Best Wishes,
Zeth
Thanks all for the appreciation. Apt-Get Explore was mentioned in Command-Line Warriors… that's awesome!
also check autossh to keep the tunnel up
# autossh -M 2000 -NR 2222:localhost:22 www.example.com
It gives almost the same feature, but
1. it cannot accept authentication by file.
2. when the connection is terminated, I have to retype the password again to access www.example.com. Is there any option to skip this?
Hi!
Thanks for the tip. Proved very useful to me. One addition I would make is to mention that GatewayPorts should be set to “yes” or “clientspecified” in sshd_config in order to allow other computers to connect to our reverse forwarded port.
Cheers
Adam
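Pulling together the post's reverse tunnel command and Adam's GatewayPorts note, here is an added example (not from the original post or its comments): a small POSIX shell helper that builds the target node's ssh command with key-based authentication and keepalives, and a check that reads the GatewayPorts setting from an sshd_config on our node. The key path ~/.ssh/tunnel_key, the keepalive values and the sample config are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the original post or its comments.
# reverse_tunnel_cmd builds the command the target node runs so that
# SERVER:REMOTE_PORT reaches TARGET_PORT on the target node;
# gateway_ports_mode reads the sshd_config value that decides whether that
# port on our node is reachable only locally ("no", the default) or from
# other hosts ("yes" / "clientspecified").

# reverse_tunnel_cmd REMOTE_PORT TARGET_PORT SERVER [BIND_ADDR]
# Prints the ssh command, or returns 1 if a port is not a valid number.
reverse_tunnel_cmd() {
  remote_port=$1; target_port=$2; server=$3; bind_addr=${4:-127.0.0.1}
  for p in "$remote_port" "$target_port"; do
    case "$p" in ''|*[!0-9]*) return 1;; esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
  done
  # ~/.ssh/tunnel_key is an assumed key path. BatchMode fails instead of
  # prompting for a password, ExitOnForwardFailure turns a port clash into
  # a visible error, and the keepalives let a dead tunnel exit so that a
  # supervisor such as autossh can restart it.
  printf 'ssh -fN -o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -i ~/.ssh/tunnel_key -R %s:%s:localhost:%s %s\n' \
    "$bind_addr" "$remote_port" "$target_port" "$server"
}

# gateway_ports_mode SSHD_CONFIG
# Prints the effective GatewayPorts value; sshd uses the first occurrence
# of a keyword and defaults to "no". Match blocks are not evaluated here.
gateway_ports_mode() {
  mode=$(awk 'tolower($1) == "gatewayports" { print tolower($2); exit }' "$1")
  printf '%s\n' "${mode:-no}"
}

# Demo on a constructed sshd_config fragment (not a real server's file).
demo_conf=${TMPDIR:-/tmp}/sshd_config.example.$$
printf '# sample\nPort 22\nGatewayPorts clientspecified\n' > "$demo_conf"
reverse_tunnel_cmd 2222 22 www.example.com
printf 'GatewayPorts: %s\n' "$(gateway_ports_mode "$demo_conf")"
rm -f "$demo_conf"
```

With the default bind address the forwarded port listens on 127.0.0.1 of our node only, matching the post's `ssh localhost -p 2222`; passing a bind address such as 0.0.0.0 only takes effect when GatewayPorts is yes or clientspecified.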