Persistent Reverse Tunnel using AutoSSH

Posted on 2019-10-08 by somik

When the local server is behind a firewall with blocked ports, has a dynamic IP, or is otherwise unreachable from the internet, it can still be accessed using this method.

This requires a VPS or server with open ports and a fixed IP address.

Log in to the remote server (Ubuntu in our example) and append the following to the SSH server (sshd) configuration file using vi or nano:

GatewayPorts yes

Then log in to the local server and install AutoSSH and SSH:

sudo apt update
sudo apt upgrade
sudo apt install autossh ssh

Then generate an SSH key pair for your server:

ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): */root/.ssh/nopwd*
Enter passphrase (empty for no passphrase): *leave empty*
Enter same passphrase again: *leave empty*

Note that in the command below, -p 2222 means SSH is running on port 2222 on the “remote” server.

ssh-copy-id -i .ssh/nopwd.pub -p 2222 root@remote.server.com

Create a connection script on the local server, make it executable, and open it for editing:

sudo touch /root/start_conn.sh
sudo chmod +x /root/start_conn.sh
sudo nano /root/start_conn.sh

#!/bin/sh
autossh -M 10984 -N -f -i /root/.ssh/nopwd \
-o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -o "ServerAliveInterval 60" \
-R 8080:192.168.1.50:80 \
-R 8443:192.168.1.50:443 \
-R 9001:192.168.1.50:10000 \
-R 9022:192.168.1.50:22 \
root@remote.server.com -p 2222 &

Save and exit by pressing Ctrl + X, followed by Y and Enter.

Note that in the example above, the line -R 8080:192.168.1.50:80 means port 8080 on the remote server is forwarded to port 80 on the local side (192.168.1.50). If no HTTP server is running on the remote server, it is possible to forward port 80 on the remote server to port 80 on the local side.

Otherwise, it is also possible to run a reverse proxy, such as nginx or Apache, to forward specific domains to the correct port.

Finally, initiate the connection on boot-up via cron:

sudo crontab -e
@reboot /root/start_conn.sh

And reboot the server:

sudo reboot
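
The key generated above has no passphrase and is authorised for root on the remote server, so a copy of /root/.ssh/nopwd is enough to open a root shell on the VPS. As an added example (not part of the original post), the script below reads the autossh command from start_conn.sh and prints an authorized_keys line that limits the key to the listeners the tunnel needs, using sshd's restrict, port-forwarding and permitlisten key options (permitlisten needs OpenSSH 7.8 or later). The function names, the placeholder key and the handling of the -M monitor port are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: limit the passphrase-less
# tunnel key to the listeners that start_conn.sh actually requests.

# Constructed sample input: the autossh command shown in the post.
sample_script() {
cat <<'EOF'
autossh -M 10984 -N -f -i /root/.ssh/nopwd \
-R 8080:192.168.1.50:80 \
-R 8443:192.168.1.50:443 \
-R 9001:192.168.1.50:10000 \
-R 9022:192.168.1.50:22 \
root@remote.server.com -p 2222 &
EOF
}

# Read script text on stdin; print each port the remote sshd must listen on.
# Handles "port:host:hostport" and "bind:port:host:hostport" (no IPv6 brackets).
listen_ports() {
    awk '{
        for (i = 1; i < NF; i++) {
            if ($i == "-R") { n = split($(i + 1), f, ":"); if (n >= 3) print f[n - 2] }
            # Assumption: autossh -M P also requests a remote listener on P.
            if ($i == "-M") { split($(i + 1), m, ":"); if (m[1] + 0 > 0) print m[1] }
        }
    }'
}

# Print one authorized_keys line for the public key text given as $1.
# Fails when no listener is found: "port-forwarding" without permitlisten
# would let the key open any remote port.
restricted_key_line() {
    opts='restrict,port-forwarding'
    ports=$(listen_ports)
    [ -n "$ports" ] || { echo "no -R forwards found" >&2; return 1; }
    for p in $ports; do
        case $p in
            *[!0-9]*) echo "unexpected port: $p" >&2; return 1 ;;
        esac
        opts="$opts,permitlisten=\"$p\""
    done
    printf '%s %s\n' "$opts" "$1"
}

# Placeholder key (constructed); in practice pass the contents of nopwd.pub.
sample_script | restricted_key_line 'ssh-rsa AAAA...placeholder... root@local'
```

The printed line replaces the entry that ssh-copy-id added to root's authorized_keys file on the remote server; with it in place the key can still open the reverse forwards but cannot start a shell or run commands.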