SSH Reverse Tunnel

One of the available scenarios for SSH Reverse channel: Access to the intranet host from the extranet. What is necessary is that you need a public network host with SSH login privileges.

The steps are as follows (the intranet host is called A, the public network SSH host address is HOSTP):

1. Implementation on the Intranet A

ssh -f-n-R  [Remotelistenip:]22222: localhost : [Email protected]]hostp    # Requires authentication, according to your situation: no password,-i key file, enter password

Where Remotelistenip means to listen on the HOSTP 22222 port IP, can be omitted. It does not work when the Gatewayports parameter on HOSTP is not set and is bound only to the local loopback, which may result in access to its 22222 port only on HOSTP.

-F indicates running in the background. N: Tell the SSH client that this connection does not need to execute any commands, just port forwarding. R:reverse Tunnel.

PS aux | grep ssh can see the above name running in the background to see if the HOSTP port is listening:

Mode one: SSH login hostp, execute Netstat-an | grep 22222 #查看监听的地址是127.0.0.1 or 0.0.0.0 (full address)

Way two: Nmap-p 22222 HOSTP #open或close状态

2. Crossing the Tunnel

SSH 22222 [[Email PROTECTED]]HOSTP

Should be denied access when Gatewayports is not set, you can log in to HOSTP first, and then log on from HOSTP a

SSH [Email protected]]hostp  ---->  ssh22222 [email protected]]localhost

If you want to use ssh-p 22222 directly [[email PROTECTED]]HOSTP Reference 3.

3. Add a line gatewayports Yes on HOSTP/etc/ssh/sshd_config to listen to all IPs, display as 0.0.0.0 or gatewayports Clientspecified

Refer to man manual, ssh-r parameter, sshd_config gatewayports Description:

- R
By default, the listening socket on the server is bound to the loopback interface only. This is overridden by specifying a bind_address. 
An empty bind_address, or the address ' * ', indicates this remote socket should listen on all interfaces. Specifying a remote bind_address
Would only succeed if the server's Gatewayports option is enabled (see Sshd_config (5)). Gatewayportsspecifies whether remote hosts is allowed to connect to ports forwarded for the client. By default, sshd (8) binds the remote port forwardings to Theloopback address. This prevents the other remote hosts from connecting to forwarded ports. Gatewayports can used to specify, sshd should allowremote port forwardings to bind to non-loopback addresses, thus Allowing other hosts to connect. The argument May is "no" to force remote Portforwardings to being available to the local host only, "yes" to force remote POR T forwardings to bind to the wildcard address, or ' clientspecified ' toallow the client to select the address to which the Forwarding is bound. The default is "no".

SSH Reverse Tunnel