SSH Reverse tunnel – simple how to
It’s been a while since I last wrote about ssh, one of my favorite applications.
SSH is extremely versatile and although the use of tunnels is a well know feature of ssh the reverse tunnel is not.
First where can you use a reverse tunnel? Imagine that you need to service a server/desktop that is behind a firewall and the only communication available is must be started on the host behind the firewall.
Look at the diagram bellow:
Now you are sitting on PC B and your mother in law is sitting on PC A (familiar story?? And yes my mother in law uses Linux), I don’t have direct access to her laptop (PC A) but I still need to install her skype to talk to the family.
First on PC B I create a dummy user for the connection:
useradd -m motherinlaw
passwd motherinlaw
Then tell someone on PC A to do the following (or create you own script to do it automatically, I’m also assuming that both PCs have sshd running)
ssh motherinlaw@PC-IP-B -R 2000:localhost:22
Let me explain it, the -R sets a remote tunnel, the 2000 is the port to be opened on the remote computer and the 22 is the port where the communication is going to on the local computer (PC A)
So after a successful ssh login from PC A to PC B (you may check it for instance with who), you will be able to login in PC A from PC B issuing:
ssh root@localhost -p2000
Hope this helped someone out there.
Cheers,
Pedro Oliveira