ssh reverse tunneling
March 16th, 2007 mysurface Posted in Admin, Network, ssh
Recently I discovered how to perform ssh reverse tunneling, which is so amazing! I thought I knew enough about ssh, but ssh is capable of doing more than just connecting to a remote server. You can find simple examples of accessing a remote server through ssh here.
What is reverse tunneling used for?
Let’s say my server has its ssh port open to the public, which means remote hosts on the Internet can access my server through ssh. On the other side, my friend’s machine does not have its ssh port open to the public, or his machine is behind a firewall.
Under this condition, my friend can access my server, but I can’t log in to his machine the conventional way. With ssh reverse tunneling, however, I can access his machine.
How?
My friend’s (toydi’s) side needs to create the reverse tunnel:
1. He creates a user account for me, mysurface, using useradd
2. He sets a default password for the mysurface user account, using passwd
3. He sets up the ssh reverse tunnel
ssh -R 14443:localhost:22 toydi@mysurface.org
This assumes that I have already set up an account for toydi and that my server’s domain name is mysurface.org.
-R means remote: port 14443 is opened on the remote side (my server), and connections to it are forwarded to ‘localhost’ port 22 as seen from toydi’s machine, that is, his own ssh server.
When it is done, toydi notifies me, and from my side I log in to his machine like this:
ssh mysurface@localhost -p 14443
It looks like I am logging in to my own machine on local port 14443. But the truth is, I am logging in to toydi’s machine through the ssh reverse tunnel that he provided for me.
The tunnel is
toydi’s localhost:22 <----------------- mysurface's localhost:14443
I can do dynamic tunneling to his machine too, in this way:
ssh -D 4445 mysurface@localhost -p 14443
More about ssh dynamic tunneling examples here.
There are more uses and variations of reverse tunnels; check out MikeyMcKay’s Hacktivate blog.
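An added example, not part of the original post: a shell check the server owner can run to see which listeners sshd has opened for reverse tunnels such as the 14443 one above, and whether each is bound to loopback only. The function names find_forwards and sample_ss and the sample ss lines (PIDs, the port 15000 entry) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the tunnel listeners that
# sshd has opened on the server side of `ssh -R`.

# Constructed sample of `ss -Hltnp` output; PIDs and the 15000 entry are made up.
sample_ss() {
cat <<'EOF'
LISTEN 0 128   0.0.0.0:22      0.0.0.0:*  users:(("sshd",pid=812,fd=3))
LISTEN 0 128 127.0.0.1:14443   0.0.0.0:*  users:(("sshd",pid=2291,fd=9))
LISTEN 0 128     [::1]:14443      [::]:*  users:(("sshd",pid=2291,fd=8))
LISTEN 0 511   0.0.0.0:80      0.0.0.0:*  users:(("nginx",pid=640,fd=6))
LISTEN 0 128   0.0.0.0:15000   0.0.0.0:*  users:(("sshd",pid=3001,fd=9))
EOF
}

# find_forwards [SSHD_PORT]
# Reads `ss -Hltnp` output on stdin and prints "port address scope" for every
# listener owned by an sshd process, except the daemon's own port (default 22).
# scope is "loopback" when only local users of the server can reach the tunnel,
# "EXPOSED" when it is bound to a non-loopback address.
find_forwards() {
  awk -v own="${1:-22}" '
    $NF ~ /\(\("sshd/ {
      port = $4; sub(/^.*:/, "", port)      # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
      if (port == own) next
      scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "EXPOSED"
      print port, addr, scope
    }'
}

# Demo on the constructed sample. On a live server, run as root:
#   ss -Hltnp | find_forwards 22
sample_ss | find_forwards 22
```

An EXPOSED line for a forwarded port means other hosts can reach the tunnel, which sshd permits only when GatewayPorts is enabled in sshd_config.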
April 8th, 2007 at 2:52 am
Nice article, I never knew the reverse tunnelling concept before :)
April 13th, 2008 at 10:56 pm
I have’d understand…
1) Computer A (can’t open ports)
2) Computer B (can open ports)
Computer A:
– useradd: mickeymouse password: duck
– ssh -R 14443:localhost:22 mickeymouse@remote_wan_ip_B
Computer B:
– useradd: mickeymouse password: duck
– Router, I have public port and private port, I need to open 14443 (public) and 22 (private) ?
– ssh remote_wan_ip_B@localhost -p 14443
Is it correct?
Best regards.
GbMax78
April 13th, 2008 at 11:58 pm
GbMax78: Computer B only needs to open port 22 as public, 14443 is just a private port used to create a reverse tunnel across port 22 back to Computer A.
ComputerB:22 <--------------- ComputerA:45678 (random port)
ComputerB:14443 ----:22--------> ComputerA:45678
June 25th, 2008 at 4:49 pm
Hi. Thanks for this information about “ssh reverse tunneling”. It’s working fine!
I just tried to make the remote machine (in your case your friend’s side) more secure using iptables. I want to leave only 2 connections open:
– port 22 for explicit IP (is needed in the remote LAN)
– ssh reverse tunneling
Do you have any idea what the iptables rules should look like?
thanks!
June 25th, 2008 at 7:09 pm
@swaakaa: you may check out the examples at http://www.debian-administration.org/articles/187 . I think --hitcount is the one you are looking for.