Here we can see, “What Is Reverse SSH Tunneling?”
Need to connect to an unreachable Linux machine via SSH? Allow it to call you, and then use that connection to establish your remote SSH session. We will show you how to do it.
When You’ll Want to Use Reverse SSH Tunneling
Remote computers can be challenging to reach at times. For example, it’s possible that the site they’re visiting has strict firewall rules in place or that the local administrator has set up complicated Network Address Translation rules. So if you need to connect to such a computer, how do you get to it?
Let’s get some labels in place. Because it is close to you, your computer is referred to as the local computer. Because it is in a different location than you, the computer you will connect to is the remote computer.
To distinguish between the local and remote computers in this article, the remote computer is referred to as “ITechBrand” and runs Ubuntu Linux (with purple terminal windows). On the other hand, “Sulaco” is the local computer’s name, which runs Manjaro Linux (with yellow terminal windows).
Usually, you’d connect to the remote computer using an SSH connection from your local computer. In the networking scenario, we’re describing, that isn’t an option. This is useful whenever you can’t SSH directly to a remote computer, regardless of the specific network issue.
However, if your networking configuration is simple, the remote computer can connect to you. However, this isn’t enough for your needs because it gives you a working command-line session on the remote computer. However, it is a start. Between the two computers, you’ve established a connection.
What Is Reverse SSH Tunneling?
What Is Reverse SSH Tunneling and How Does It Work?
Using reverse SSH tunneling, you can use that established connection to create a new relationship from your local computer to the remote computer.
Because the connection was established from the remote computer to you, using it in the opposite direction is referred to as “in reverse.” You’re also putting a secure connection inside an existing secure connection because SSH is secure. This means that your remote computer connection acts as a private tunnel within the original link.
As a result, the term “reverse SSH tunnelling” was coined.
How Does It Work?
The remote computer uses the established connection to listen for new connection requests from the local computer in reverse SSH tunneling.
On the local computer, the remote computer listens on a network port. If it detects an SSH request for that port, it sends the connection request down the established connection back to itself. This establishes a new relationship between the local and remote computers.
It’s much easier to put together than it is to describe.
Using SSH Reverse Tunneling
SSH will be installed on your Linux computer, but if the local computer has never accepted SSH connections before, you may need to start the SSH daemon (sshd).
sudo systemctl start sshd
Use this command to have the SSH daemon start every time you reboot your computer:
sudo systemctl enable sshd
The following command is run on the remote computer.
- The -R (reverse) option instructs ssh to create new SSH sessions on the remote computer.
- Connection requests to port 43022 on the local computer should be forwarded to port 22 on the remote computer, according to the “43022:localhost:22” directive. Because it is listed as being unallocated, port 43022 was chosen. It’s not a unique number.
- The user account that the remote computer will connect to on the local computer is dave@sulaco.local.
ssh -R 43022:localhost:22 dave@sulaco.local
You may receive an error message stating that you have never connected to the local computer before. Alternatively, as the connection details are added to the list of recognized SSH hosts, you may receive a warning. What you see, if anything, is determined by whether or not a connection has been established between the remote and local computers.
The password for the account you’re using to connect to the local computer will be requested.
From the remote computer, we’ve established a connection to the local computer. That means we can give it commands. For example, to see the logins on the local computer, use the who command.
who
The user dave has logged in to the local computer, and the remote computer has connected (using the same user credentials) from IP address 192.168.4.25.
Connecting to the Remote Computer
We can try to connect to the remote computer from the local one because the connection from the remote computer was successful, and it is listening for connections.
On the local computer, the remote computer is listening on port 43022. So, somewhat counterintuitively, we ask ssh to connect to the local computer on port 43022 to connect to the remote computer. The request for a connection will be forwarded to the remote computer.
ssh localhost -p 43022
The user account password is requested, and we are then connected to the remote computer from the local computer. “Welcome to Ubuntu 18.04.2 LTS,” says our Manjaro computer.
Using SSH With Keys
We can use SSH keys to make connecting from the remote computer to the local computer easier.
Type the following command on the remote computer:
ssh-keygen
You’ll be asked to enter a password. You can ignore the pass questions by pressing Enter, but this is not recommended. It means that anyone on the remote computer could connect to your local computer via SSH without having to enter a password.
A strong pass will consist of three or four words separated by symbols.
Your SSH keys will be generated automatically.
The public key must be transferred to the local computer. Use the following command:
ssh-copy-id dave@sulaco.local
You must provide the pass the first time you make a connection request from the remote computer to the local computer. Then, as long as that terminal window is open, you won’t have to type it in again for future connection requests.
Not Every Tunnel Is Dangerous
Although some tunnels are dark and twisty, reverse SSH tunneling isn’t tricky to master if you keep the relationship between the remote and local computers straight in your mind. Then do the opposite. To make things easier, create an SSH config file that allows you to automate tasks like tunneling and ssh-agent forwarding.
Conclusion
I hope you found this information helpful. Please fill out the form below if you have any questions or comments.
User Questions:
- What is the purpose of SSH tunneling?
SSH tunneling, also known as SSH port forwarding, sends data over an encrypted SSH connection. SSH tunnels allow connections to a local port (on your computer) to be forwarded to a remote machine over a secure channel.
- Is SSH a one-way or two-way tunnel?
You can connect to any destination using a Two-Way SSH tunnel if you log in from the destination to the source. If you can do that, you can also reverse the login process from start to destination, even if a firewall or NAT protects the goal.
- How does a reverse TCP shell work?
A reverse shell is a “virtual” shell that connects a victim’s computer to an attacker’s computer. Once the connection has been established, the attacker can send commands to the victim’s computer and receive results.
- Creating a secure reverse SSH tunnel
- Need some help port forwarding through a reverse SSH tunnel
Need some help port forwarding through a reverse SSH tunnel from networking