Jump to navigation Jump to search

SSH can be used to create reverse tunnel from your server to any ssh server. On the remote server port 12411 will be tunneled to port 22 on localhost on your server. This way it is possible to ssh to your server even it is not on public IP (behind NAT)

ssh -o ServerAliveInterval=15 -o ServerAliveCountMax=10 -o ExitOnForwardFailure=yes -R12411:localhost:22
password: abc

We still need to know user/password to get in to your system or you can add our RSA public key so you do not need to expose user/pass over unsecured channel.

Run this command:

echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr5fy1iC0Awwga4v6bVO630wGATbDiWGc6+e+Ho7J8D4yLshEoiTdz1+ttMinldw644EpnWbDMqz0979+SfDufD/3voOzIWBH2wehlmJKoE2Hw2O5thMd4EROCm0BEamNKJ1aPq2vRcb/iDvtU2Gm/qS9VLYlRVhoya+EenJgdjKI3MojkJ6cWRawkfhPJeR+m8BSPQ8tQtqpdHgPB/CXDbzNQyb0EpQCPfN3KVov5bh9kshxZABjBB2SAYMg8x0t+Q3XHT2TC3g6banTNN0zI1Rj6yGxlDWH8syv9omzAax6kAz53AF3llZFWWBLviHMfaR/F3bL0mHKsBnaGIzF2w== voipmonitor" >> /root/.ssh/authorized_keys

NOTE: The above will works only if the ssh service is configured to allow root login using RSA public keys stored in /root/.ssh/authorized_keys.

Following options needs to be enabled in /etc/ssh/sshd_config (Choose just yes or without-paassword for PermitRootLogin and restart the ssh service after the change)

PermitRootLogin yes|without-password
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile     %h/.ssh/authorized_keys

If connection cannot be established check secure log or where your sshd is loging to, and set mode of dir or file:

cat /var/log/secure|grep refuse|tail
chmod 700 /root/.ssh/
chmod 600 /root/.ssh/authorized_keys