One of the tools every system engineer or remote-support technician needs is a way to open a remote connection to a server or PC at the other end, through a VPN, a public IP or any other available route. One easy yet effective approach is to establish an SSH tunnel by means of reverse SSH.
Reverse SSH has many applications, but here we deal with the two most commonly used scenarios:
You want to connect to a PC or server that is behind a firewall or otherwise inaccessible from the internet. Your laptop, on the other hand, is connected to the internet through your router. If you don't have a public IP for your laptop, you can use dyndns.com and register a domain like mehrdust.dyndns.com. Configuring dyndns is outside the scope of this post, so we assume that the router is configured to forward the SSH port (default: 22) to the IP of your laptop. Now all you need to do is run this on the PC:
ssh -N -R 10555:localhost:22 firstname.lastname@example.org
Note: 10555 could be any available port on your laptop. The -R 10555:localhost:22 option causes the laptop to listen on port 10555 and forward any connection made to that port to port 22 on the work machine (this is basically SSH tunneling).
The next thing to do is to ssh to port 10555 on your laptop; you will actually be connecting to port 22 on the firewalled server:
ssh -p 10555 PCusername@localhost
Now let's presume that we want to remotely log in to a customer's server from our desktop PC in the office, and neither side is accessible from the internet (no public IP and no dyndns). But we have a server/PC which is accessible, so we can simply use it as a platform (middleman) between the customer's server and our desktop.
So here is how it works:
Customer server IP: 192.168.0.199/24, Linux user: support
Middleman public IP: 188.8.131.52, Linux user: miduser
Your desktop PC IP: 192.168.1.55/24, user: mehrdust
All you need to do is to ask your customer to run this on their server:
ssh -f -N -R 10050:localhost:22 email@example.com
Then you will be prompted for the password.
You can now log in to their server by running this from your desktop:
ssh -p 10050 firstname.lastname@example.org
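Make sure you add the following to /etc/sshd_config on the middleman:
TCPKeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 99999
GatewayPorts yes
GatewayPorts yes makes sshd bind remote forwards to all interfaces instead of loopback only, which is what lets your desktop connect to the forwarded port on the middleman's public IP; it also makes that port reachable by anyone who can reach the middleman.
After setting the above, restart the SSH daemon: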
# service ssh restart
To check the list of opened tunnels on the middleman run:
# sudo lsof -i -n | egrep '\<sshd\>'
sshd 25407 root 3r IPv4 777970 TCP 184.108.40.206:ssh->220.127.116.11:49104 (ESTABLISHED)
sshd 25415 support 3u IPv4 777970 TCP 18.104.22.168:ssh->22.214.171.124:49104 (ESTABLISHED)
sshd 25415 support 9u IPv6 778070 TCP [::1]:10150 (LISTEN)
sshd 25415 support 10u IPv4 778071 TCP 127.0.0.1:10150 (LISTEN)
sshd 25471 root 3r IPv4 778472 TCP 126.96.36.199:ssh->188.8.131.52:49533 (ESTABLISHED)
sshd 25479 support 3u IPv4 778472 TCP 184.108.40.206:ssh->220.127.116.11:49533 (ESTABLISHED)
sshd 25551 root 3u IPv4 778922 TCP *:ssh (LISTEN)
sshd 25551 root 4u IPv6 778924 TCP *:ssh (LISTEN)
sshd 25554 root 3r IPv4 778930 TCP 18.104.22.168:ssh->22.214.171.124:53246 (ESTABLISHED)
sshd 25562 support 3u IPv4 778930 TCP 126.96.36.199:ssh->188.8.131.52:53246 (ESTABLISHED)
sshd 25672 root 3r IPv4 779734 TCP 184.108.40.206:ssh->220.127.116.11:52538 (ESTABLISHED)
sshd 25680 support 3u IPv4 779734 TCP 18.104.22.168:ssh->22.214.171.124:52538 (ESTABLISHED)
sshd 25680 support 9u IPv4 779835 TCP *:10142 (LISTEN)
NOTE: To drop the connection simply kill the PID (in this case 25680).
You can also use:
netstat -n --protocol inet | grep ':22'
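An added example (not from the original post): a small filter over lsof -i -n output that lists the forwarded listeners sshd holds on the middleman and shows whether each one is bound to loopback only or to every interface, the latter being the effect of GatewayPorts yes. The function names and the sample lines are constructed for illustration, and it assumes the SSH daemon itself listens on port 22.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `lsof -i -n` output on stdin and prints one line per forwarded
# listener held by sshd, in the form: PID USER PORT SCOPE

classify_forwards() {
  awk '
    $1 == "sshd" && $NF == "(LISTEN)" {
      name = $(NF - 1)          # e.g. *:10142, 127.0.0.1:10150, [::1]:10150
      n = split(name, parts, ":")
      port = parts[n]           # text after the last colon
      addr = substr(name, 1, length(name) - length(port) - 1)
      # Assumption: the daemon listens on port 22 (shown as "ssh" without -P).
      if (port == "ssh" || port == "22") next
      if (addr == "127.0.0.1" || addr == "[::1]") scope = "loopback"
      else if (addr == "*") scope = "all-interfaces"
      else scope = "address:" addr
      key = $2 " " $3 " " port " " scope
      # IPv4 and IPv6 rows for the same forward collapse into one line.
      if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Only the forwards that other hosts can reach (wildcard bind).
exposed_forwards() {
  classify_forwards | awk '$4 == "all-interfaces"'
}

# Constructed sample in the column layout of the listing above;
# the addresses are documentation ranges, not real hosts.
sample_lsof() {
  cat <<'EOF'
sshd 25415 support 9u IPv6 778070 TCP [::1]:10150 (LISTEN)
sshd 25415 support 10u IPv4 778071 TCP 127.0.0.1:10150 (LISTEN)
sshd 25551 root 3u IPv4 778922 TCP *:ssh (LISTEN)
sshd 25680 support 3u IPv4 779734 TCP 192.0.2.10:ssh->198.51.100.7:52538 (ESTABLISHED)
sshd 25680 support 9u IPv4 779835 TCP *:10142 (LISTEN)
EOF
}

sample_lsof | classify_forwards
```

On the middleman, pipe the live listing into it instead of the sample: sudo lsof -i -n | classify_forwards. The columns are read from the end of each line, so lsof versions that print an extra SIZE/OFF column are handled as well.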
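Here is a script to check the SSH tunnel and bring it back up in case it's down:
#!/bin/bash
# Check once a minute whether the tunnel's ssh process is running; restart it if not.
while true
do
    # grep -v grep drops the grep process itself, which would otherwise always match;
    # -q keeps the matching ps line off the terminal, -F treats the dots literally.
    if ps aux | grep -v grep | grep -qF "0.55.111.222"
    then
        echo "SSH connection up."
    else
        echo "SSH connection down."
        echo "Trying to connect ..."
        ssh -f -N -R 10050:localhost:22 email@example.com
    fi
    sleep 60
done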
Source: Reversing ssh connection