Recently I discovered how to perform ssh reverse tunneling, which is so amazing! I thought I knew enough about ssh, but ssh is capable of doing more than just connecting to a remote server. You can find simple examples of accessing a remote server through ssh here.
What is reverse tunneling used for?
Let's say my server has its ssh port open to the public, which means remote hosts on the Internet can access my server through ssh. On the other side, my friend's machine does not have its ssh port open to the public, or his machine is behind a firewall.
Under these conditions, my friend can access my server, but I can't log in to his machine the conventional way. With ssh reverse tunneling, however, I can access his machine.
My friend's (toydi) side needs to create the reverse tunnel:
1. He creates a user account for me as mysurface, using useradd
2. He sets a default password for the mysurface user account, using passwd
3. He sets up the ssh reverse tunnel
ssh -R 14443:localhost:22 toydi@mysurface.org
Assume that I have already set up an account for toydi and that my server's domain name is mysurface.org.
-R means remote: port 14443 is opened on the remote side (my server), and connections to it are forwarded to 'localhost' port 22 as seen from toydi's machine.
When it is done, toydi notifies me, and from my side I log in to his machine like this:
ssh mysurface@localhost -p 14443
It looks like I am logging in to my own machine on local port 14443. But the truth is, I am logging in to toydi's machine through the ssh reverse tunnel that he provided.
The tunnel is
toydi’s localhost:22 <----------------- mysurface's localhost:14443
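An added example, not part of the original post: with sshd's default setting (GatewayPorts no), the listener that -R opens on mysurface.org is bound to loopback, so only users already logged in to my server can reach toydi's sshd through port 14443. The shell function below checks that from `ss -ltn` output; the name tunnel_exposure and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a forwarded port is bound on the ssh server,
# reading `ss -ltn` output on stdin. Prints: loopback | exposed | absent
# tunnel_exposure is a hypothetical helper name, not an OpenSSH tool.
tunnel_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = match(addr, /:[0-9]+$/)   # last colon separates address and port
            if (n == 0 || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            if (host == "127.0.0.1" || host == "[::1]") loop = 1
            else wide = 1                 # 0.0.0.0, [::], * or a routable address
        }
        END {
            if (wide) print "exposed"
            else if (loop) print "loopback"
            else print "absent"
        }'
}

# Constructed listing: server with GatewayPorts no (the default) while the
# tunnel from `ssh -R 14443:localhost:22` is up.
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:14443    0.0.0.0:*
LISTEN 0      128    [::1]:14443        [::]:*'

# Constructed listing: same tunnel, but the server has GatewayPorts yes,
# so port 14443 answers on every interface.
SAMPLE_GATEWAY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:14443      0.0.0.0:*
LISTEN 0      128    [::]:14443         [::]:*'

printf '%s\n' "$SAMPLE_DEFAULT" | tunnel_exposure 14443   # loopback
printf '%s\n' "$SAMPLE_GATEWAY" | tunnel_exposure 14443   # exposed
# On the real server: ss -ltn | tunnel_exposure 14443
```

An "exposed" result means anyone who can reach the server on port 14443 is talking to toydi's sshd, which matters here because the mysurface account was created with a default password.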
I can do dynamic tunneling to his machine too, in this way:
ssh -D 4445 mysurface@localhost -p 14443
More ssh dynamic tunneling examples here.
There are more uses and manipulations of reverse tunnels; check out MikeyMcKay's Hacktivate blog.