Using SSH port redirection to get Remote Access

I have been asked to have a look at a Linux server for a client which is behind a firewall, buried deep inside a corporate network with no hope of any firewall access being arranged this side of Christmas. The solution is to use an SSH tunnel initiated from the target server to our SSH proxy server. Here at Gconnect we keep a ‘sacrificial’ server to allow proxy access to manage remote servers. You can use this method for accessing any service; you just need to change the port settings around. At Gconnect we use this technology with our Cloud Backup Cube, which allows us to remotely manage and monitor the disks with Nagios.

First create an account on your proxy (seen here as username) with a login shell, then send the following line for the client to paste into the command line:

ssh -R 10010:localhost:22 -f -N username@my_ssh_proxy_server

Here’s what the flags mean:

-R Reverse tunnel (port 10010 on the proxy is forwarded back to port 22 on the target)
-f Force into background
-N Do not send a command (just make the tunnel)

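To connect to the server, all I do now on my client (a Mac) is run the command below. By default sshd binds a remote forward to the proxy's loopback interface only, so reaching port 10010 from another machine depends on GatewayPorts being enabled in the proxy's sshd_config. With it enabled, the target's SSH service is reachable by anyone who can reach that port on the proxy.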

ssh -p 10010 username@my_ssh_proxy_server

And I’m logged in!

To forward a different service, say HTTP, change the tunnel command to:

ssh -R 10010:localhost:80 -f -N username@my_ssh_proxy_server

which would allow you to browse to http://my_ssh_proxy_server:10010 to access a web server running on the target.
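
A check for the proxy side, added here as an example and not part of the original post: it reads `ss -H -tlnp` output and reports whether each forwarded port held open by sshd is bound to loopback only or reachable from the network. The sample lines are constructed, the function names are illustrative, and matching on a process name beginning with `sshd` is an assumption about how the listener is labelled.

```shell
#!/bin/sh
# Added example: classify the ports sshd is listening on for reverse tunnels.
# On a live proxy (as root, so -p can show process names):
#   ss -H -tlnp | audit_forwards

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
sample_listeners() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=811,fd=3))
LISTEN 0 128 127.0.0.1:10010 0.0.0.0:* users:(("sshd",pid=2044,fd=9))
LISTEN 0 128 [::1]:10010 [::]:* users:(("sshd",pid=2044,fd=8))
LISTEN 0 128 0.0.0.0:10011 0.0.0.0:* users:(("sshd",pid=2310,fd=9))
LISTEN 0 128 *:10012 *:* users:(("sshd",pid=2399,fd=7))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=900,fd=6))
EOF
}

# audit_forwards [sshd_port]
# Reads listener lines on stdin and prints "<LOOPBACK|EXPOSED> <port> <bind-address>"
# for every sshd listener except sshd's own service port (default 22).
audit_forwards() {
  awk -v own="${1:-22}" '
    $1 == "LISTEN" && /"sshd/ {
      addr = $4
      port = addr; sub(/^.*:/, "", port)      # text after the last colon
      host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
      if (port == own) next                   # the SSH service itself, not a tunnel
      if (host ~ /^127\./ || host == "[::1]") state = "LOOPBACK"
      else state = "EXPOSED"                  # 0.0.0.0, *, [::] or a routable address
      print state, port, host
    }'
}

# exposed_ports [sshd_port]
# Space-separated list of forwarded ports that other machines can reach.
exposed_ports() {
  audit_forwards "$@" | awk '$1 == "EXPOSED" { print $2 }' |
    sort -un | tr '\n' ' ' | sed 's/ $//'
}

# Demonstration on the constructed sample.
sample_listeners | audit_forwards
```

A port reported as EXPOSED hands the target's service to anyone who can reach the proxy, so each one should either be intended or be closed and re-opened with a loopback bind.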
