Live Chat!

ssh reverse tunneling

* * * * * 1 votes

March 16th, 2007 mysurface Posted in Admin, Network, ssh | Hits: 10177 |

Recently I just discover how to perform ssh reverse tunneling, which is so amazing! I though I know enough about ssh, but ssh is capable of doing more than just connect to a remote server. You can find simple examples of accessing remote server through ssh here.

What is the usage for reverse tunneling?
Let say I have my server open ssh port to public, which means remote host from the Internet can access to my server through ssh. Another side, my friend’s machine do not open ssh port to public or his machine is behind the firewall.

With this condition, my friend can access my server, but I can’t login to his machine with conventional way. But, with ssh reverse tunneling, I can access to his machine.

How?
My friend’s (toydi) side need to create a reverse tunnel,
1. He create an user account for me as mysurface, uses useradd
2. Set a default password for mysurface user account, uses passwd
3. Setup ssh reverse tunnel

ssh -R 14443:localhost:22 toydi@mysurface.org

Assume that I already setup an account for toydi and my server domain name is mysurface.org.

-R means remote, remote port is set to 14443, forward to? my ‘localhost’ with port 22.

When it is done, toydi notify me and now from my side, login to his machine like this

ssh mysurface@localhost -p 14443

It looks like I am login to my own machine with local port 14443. But the truth is, I am login to toydi’s machine through ssh reverse tunnel that he provide me.

The tunnel is
toydi’s localhost:22 <----------------- mysurface's localhost:14443

I can do a dynamic tunneling to his machine too in this way,

ssh -D 4445 mysurface@localhost -p 14443

More about ssh dynamic tunneling examples here.

There are more usage and manipulations of how to use reverse tunnel, check out MikeyMcKay’s Hacktivate blog.

Related Posts
Reverse a string
python provides a -c option to accept and run a script line. To reverse a string like this one: "toydi deified idiot"...

ssh tunneling with local port
I remember I do post an example of how to do a dynamic tunnelling through ssh. For this post, I am going to tunnel sp...

ssh dynamic tunneling
SSH is a very powerful tool, besides connecting to remote ssh server, execute command remotely and transfer files, it is...

3 Responses to “ssh reverse tunneling”

  1. mypapit Says:
    April 8th, 2007 at 2:52 am

    nice article, i never know reverse tunnelling concept before :)

  2. GbMax78 Says:
    April 13th, 2008 at 10:56 pm

    I have’d understand…

    1) Computer A (can’t open ports)
    2) Computer B (can open ports)

    Computer A:
    - useradd: mickeymouse password: duck
    - ssh -R 14443:localhost:22 mickeymouse@remote_wan_ip_B

    Computer B:
    - useradd: mickeymouse password: duck
    - Router, I have public port and private port, I need to open 14443 (public) and 22 (private) ?
    - ssh remote_wan_ip_B@localhost -p 14443

    It is correct ?
    Best regards.
    GbMax78

  3. mysurface Says:
    April 13th, 2008 at 11:58 pm

    GbMax78: Computer B only needs to open port 22 as public, 14443 is just a private port used to create a reverse tunnel across port 22 back to Computer A.

    ComputerB:22 < ---------------ComputerA:45678(random port)

    ComputerB:14443----:22-------->ComputerA:45678

Leave a Reply