
SSH Reverse Tunnel

posted 21 Oct 2017, 13:12 by Tristan Self
If you need to SSH to a host but don't have direct SSH access, you can use a reverse SSH tunnel. For this you need a host that will accept inbound connections to work as a "jump host". It is possible without one, where you could SSH back to your client computer; however, for the purposes of this example the setup is as follows:

1. TARGETSRV - Target host you want to connect to, you will start the SSH reverse tunnel from here.
2. JUMPHOST - The host you'll be connecting the reverse tunnel to from the TARGETSRV.
3. CLIENT - Your client computer that you'll be SSHing from to the JUMPHOST.

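The first step is to start the SSH reverse tunnel from the TARGETSRV. The SSH session itself connects to port 22 on the JUMPHOST; the -R option then makes the JUMPHOST listen on port 19999 and forward any connection made to that port back down the tunnel to port 22 on the TARGETSRV.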

# ssh -p 22 -R 19999:localhost:22 JUMPHOST -l <user>

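Now SSH to the JUMPHOST from CLIENT and run the following command. The destination is localhost because, by default, the forwarded port listens only on the JUMPHOST's loopback interface:

ssh -p 19999 -l <user> localhost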

Now you will have connected to the TARGETSRV down the reverse tunnel. This is especially useful if your target host is behind a firewall where direct access is not possible.
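
The forwarded port 19999 is opened on the JUMPHOST, so who can reach it depends on that host's sshd settings. As an added example (not part of the original post), this script classifies the exposure of the `-R 19999:localhost:22` forward from `AllowTcpForwarding`, `GatewayPorts` and `PermitListen`; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Configs are constructed text in
# `sshd -T` format (lowercase "keyword value" lines) for the JUMPHOST.
# cfg_get KEY CONFIG DEFAULT: first value of KEY in CONFIG, else DEFAULT.
cfg_get() {
    val=$(printf '%s\n' "$2" |
        awk -v k="$1" '$1 == k { sub(/^[^ \t]+[ \t]+/, ""); print; exit }')
    printf '%s\n' "${val:-$3}"
}

# port_permitted PORT LIST: succeed if a permitlisten LIST allows PORT.
port_permitted() (
    set -f                      # no globbing: entries may contain "*"
    for entry in $2; do
        case ${entry##*:} in    # drop an optional "host:" prefix
            any|"$1"|'*') exit 0 ;;
        esac
    done
    exit 1
)

# audit_reverse_forward CONFIG PORT: one verdict for "-R PORT:localhost:22".
audit_reverse_forward() {
    fwd=$(cfg_get allowtcpforwarding "$1" yes)    # OpenSSH defaults are used
    gw=$(cfg_get gatewayports "$1" no)            # when a keyword is absent
    listen=$(cfg_get permitlisten "$1" any)
    case $fwd in
        no|local) echo "BLOCKED allowtcpforwarding=$fwd"; return 0 ;;
    esac
    if ! port_permitted "$2" "$listen"; then
        echo "BLOCKED permitlisten=$listen"; return 0
    fi
    case $gw in
        yes)             echo "EXPOSED port $2 listens on all interfaces" ;;
        clientspecified) echo "CLIENT-CHOICE the client picks the bind address" ;;
        *)               echo "LOOPBACK port $2 reachable only from the jump host" ;;
    esac
}

PERMISSIVE='allowtcpforwarding yes
gatewayports yes
permitlisten any'
HARDENED='allowtcpforwarding remote
gatewayports no
permitlisten localhost:19999'

audit_reverse_forward "$PERMISSIVE" 19999
audit_reverse_forward "$HARDENED" 19999
audit_reverse_forward "$HARDENED" 20000
```

On a real jump host the first argument would be the output of `sshd -T` run as root instead of the sample strings. An EXPOSED verdict means anyone who can reach the JUMPHOST on port 19999 reaches the TARGETSRV's SSH service.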