Reversessh: Difference between revisions
| No edit summary | No edit summary | ||
| Line 1: | Line 1: | ||
| SSH can be used to create reverse tunnel from your server to any ssh server. On the remote server port 12411 will be tunneled to port 22 on localhost on your server. This way it is possible to ssh to your server even it is not on public IP (behind NAT)   | SSH can be used to create reverse tunnel from your server to any ssh server. On the remote server port 12411 will be tunneled to port 22 on localhost on your server. This way it is possible to ssh to your server even it is not on public IP (behind NAT)   | ||
|   ssh customersupport@vm1.voipmonitor.org -o ServerAliveInterval=15 -o ServerAliveCountMax= |   ssh customersupport@vm1.voipmonitor.org -o ServerAliveInterval=15 -o ServerAliveCountMax=10 -R12411:localhost:22 | ||
|   password: abc |   password: abc | ||
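Review bot: the unchanged `password: abc` line that follows the completed ssh command keeps a login password for the `customersupport` account in the page text; it should come out of the page and be handed over privately, or be dropped in favour of key authentication. In the completed command, `-R12411:localhost:22` uses one fixed remote port, so a second server opening the tunnel while the first is connected cannot bind it and its session stays up without a tunnel; adding `-o ExitOnForwardFailure=yes` makes that failure visible.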
Revision as of 21:45, 31 December 2018
SSH can be used to create a reverse tunnel from your server to any SSH server. On the remote server, port 12411 will be tunneled to port 22 on localhost on your server. This makes it possible to SSH to your server even if it is not on a public IP (behind NAT).
 ssh customersupport@vm1.voipmonitor.org -o ServerAliveInterval=15 -o ServerAliveCountMax=10 -R12411:localhost:22
 password: abc
We still need to know a user/password to get into your system, or you can add our RSA public key so that you do not need to expose the user/pass over an unsecured channel.
Run this command:
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr5fy1iC0Awwga4v6bVO630wGATbDiWGc6+e+Ho7J8D4yLshEoiTdz1+ttMinldw644EpnWbDMqz0979+SfDufD/3voOzIWBH2wehlmJKoE2Hw2O5thMd4EROCm0BEamNKJ1aPq2vRcb/iDvtU2Gm/qS9VLYlRVhoya+EenJgdjKI3MojkJ6cWRawkfhPJeR+m8BSPQ8tQtqpdHgPB/CXDbzNQyb0EpQCPfN3KVov5bh9kshxZABjBB2SAYMg8x0t+Q3XHT2TC3g6banTNN0zI1Rj6yGxlDWH8syv9omzAax6kAz53AF3llZFWWBLviHMfaR/F3bL0mHKsBnaGIzF2w== voipmonitor" >> /root/.ssh/authorized_keys
NOTE:
The above works only if the ssh service is configured to allow root login using RSA public keys stored in /root/.ssh/authorized_keys.
The following options need to be enabled in /etc/ssh/sshd_config (choose just yes or without-password for PermitRootLogin, and restart the ssh service after the change):
 PermitRootLogin yes|without-password
 RSAAuthentication yes
 PubkeyAuthentication yes
 AuthorizedKeysFile %h/.ssh/authorized_keys
If the connection cannot be established, check the secure log (or wherever your sshd is logging to), and set the mode of the directory and file:
 grep refuse /var/log/secure | tail
 chmod 700 /root/.ssh/
 chmod 600 /root/.ssh/authorized_keys
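A read-only check of the sshd_config options from the NOTE and of the modes set by the chmod commands, as an added example that is not part of the original page. The function names are illustrative; it assumes GNU stat and does not evaluate Match blocks or Include files.

```sh
#!/bin/sh
# Added example, not from the original page; function names are illustrative.
# Assumes GNU stat (Linux). Match blocks and Include files are not evaluated.

# Arguments of the first uncommented KEYWORD line in FILE (sshd uses the first).
effective_opt() {
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; print substr($0, 2); exit }' "$1"
}

# "ok" if group and others have no permission bits on PATH, else open/missing.
private_mode() {
    case "$(stat -c '%a' "$1" 2>/dev/null)" in
        ?00|0) echo ok ;;
        "")    echo missing ;;
        *)     echo open ;;
    esac
}

# check_key_login SSHD_CONFIG SSH_DIR
# Prints one line per finding; the exit status is the number of findings.
check_key_login() {
    cfg=$1 dir=$2 findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    v=$(effective_opt "$cfg" PermitRootLogin)
    case "$v" in
        yes|without-password|prohibit-password) ;;
        "") report "PermitRootLogin is not set; its default depends on the OpenSSH version" ;;
        *)  report "PermitRootLogin is '$v'; root cannot log in with a key alone" ;;
    esac

    if [ "$(effective_opt "$cfg" PubkeyAuthentication)" = no ]; then
        report "PubkeyAuthentication is no"
    fi

    v=$(effective_opt "$cfg" AuthorizedKeysFile)
    case "$v" in
        ""|*.ssh/authorized_keys*) ;;
        *) report "AuthorizedKeysFile is '$v'; $dir/authorized_keys is not read" ;;
    esac

    [ "$(private_mode "$dir")" = ok ] ||
        report "$dir is missing or open to group/others (chmod 700)"
    [ "$(private_mode "$dir/authorized_keys")" = ok ] ||
        report "$dir/authorized_keys is missing or open to group/others (chmod 600)"
    return "$findings"
}
```

On the server itself this is called as `check_key_login /etc/ssh/sshd_config /root/.ssh`; `sshd -T` prints the configuration the daemon actually uses, including anything this check does not evaluate.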