Reverse Tunnel with SSH

Here I'll describe how to establish a tunnel to gain access to a client behind a firewall or NAT router.

The following command is run on the client. It will establish a listening socket on host.example.com port 22222 that forwards to port 22 on the client:

# ssh -R 22222:localhost:22 client@host.example.com

Now connect to host.example.com with ssh from your workstation:

# ssh root@host.example.com

Then from the new ssh terminal, connect through the client tunnel:

# ssh root@localhost -p 22222

Voilà. You will now have root access to the client.

For Windows clients this SSH server might be useful (not tested, though): Free SSHd

For security, if this is to be used over GPRS lines:

  1. The server could be host.example.com. There might be some benefits to doing this: local files and a browser interface with a terminal.
  2. The 'client' user should be added to the server with no rights and with unattended certificate login. The account should only allow the callback socket.
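
One way to check item 2 on the server, as an added example that is not part of the original page: the function reads the effective sshd settings for the 'client' account and fails unless the account can do nothing except open the callback listener on port 22222. The Match block in the comment, the /bin/false forced command and the sample settings are assumptions; with them the client has to add -N to its ssh -R command, since no shell is granted.

```shell
#!/bin/sh
# Added example, not from the original page: audit the callback account.
# An sshd_config block that should pass (assumed layout):
#   Match User client
#       AllowTcpForwarding remote
#       PermitListen localhost:22222
#       GatewayPorts no
#       PermitTTY no
#       PasswordAuthentication no
#       ForceCommand /bin/false
# Real use, as root on the server: sshd -T -C user=client | audit_callback 22222
audit_callback() {  # $1 = callback port; stdin = "keyword value" lines
    awk -v port="$1" '
        function need(k, want, why,    have) {
            have = (k in cfg) ? cfg[k] : "<unset>"
            if (have != want) {
                printf "FAIL %s=%s (want %s): %s\n", k, have, want, why
                bad++
            }
        }
        # Keep the first value seen for each keyword, compared case-insensitively.
        { key = tolower($1); $1 = ""; sub(/^ +/, ""); if (!(key in cfg)) cfg[key] = $0 }
        END {
            need("allowtcpforwarding", "remote", "only -R, no -L or -D")
            need("permitlisten", "localhost:" port, "listener pinned to the callback port")
            need("gatewayports", "no", "listener stays on loopback")
            need("permittty", "no", "no interactive terminal")
            need("passwordauthentication", "no", "key login only")
            need("forcecommand", "/bin/false", "no shell or command execution")
            exit (bad ? 1 : 0)
        }'
}

# Constructed samples in the lowercase "keyword value" form that sshd -T prints.
HARDENED='allowtcpforwarding remote
permitlisten localhost:22222
gatewayports no
permittty no
passwordauthentication no
forcecommand /bin/false'
DEFAULTS='allowtcpforwarding yes
permitlisten any
gatewayports no
permittty yes
passwordauthentication yes
forcecommand none'

printf '%s\n' "$HARDENED" | audit_callback 22222 && echo "hardened: OK"
printf '%s\n' "$DEFAULTS" | audit_callback 22222 || echo "defaults: too permissive"
```
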
reverse-ssh.txt · Last modified: 2019/07/21 18:03 (external edit)