Sometimes you need to get SSH access into a host that is inside a network behind a Firewall\/NAT and only outbound connections are allowed.<\/p>\n
AutoSSH can be installed on the client and will establish and persist an SSH tunnel into an external server allowing reverse connections into the client.<\/p>\n
Install and manually test the connection<\/strong><\/p>\n Note: user@example.com<\/strong> is the server exposed to the internet ready to receive SSH connections, 2022<\/strong><\/span>\u00a0is the port that the server will start to listen and forward to the client on port 22<\/span><\/strong>. If the server firewall exposes port 2022<\/span><\/strong> to the internet, anyone will be able to log into the client through the server at that port.<\/p>\n On the host that will receive the connection<\/strong><\/p>\n AutoSSH will not type the password to connect to the server, so it requires an SSH-Key [Link<\/a>].<\/p>\n It was tested and works fine. Now create a service on the client to enable the AutoSSH on the boot.<\/p>\n Configuring AutoSSH to run as a service<\/strong><\/p>\n Add the content:<\/p>\n The service will be executed as root, so the root user has to have the private key to be able to authenticate the connection.<\/p>\n Use the systemctl to manage the AutoSSH service:<\/p>\n The SSH Tunnel can be used to allow connection to different ports client’s localhost.<\/p>\n The example above maps the port 8080<\/span><\/strong> on the server that will be tunneled and get access to the HTTP (port 80<\/strong><\/span>) on the client.<\/p>\n The websites LocalHost.Run [Link<\/a>] and Ngrok [Link<\/a>] offers a service that uses the same ssh tunneling but connecting to their server instead of yours.<\/p>\n SSHd Configuration<\/p>\n Possibly the following configuration will have to be enabled on the SSH server:<\/p>\n SSH is a versatile protocol that allows many other functionalities such as mount a remote directory locally and even set up a temporary VPN.<\/p>\n Mounting a Remote File System over SSH<\/strong> with SSHFS (client-side only):<\/p>\n Setting a VPN over SSH<\/strong> with SSHuttle (client-site only):<\/p>\n BONUS<\/strong><\/p>\nsudo apt install autossh\r\nautossh -N -R 2022<\/strong><\/span>:localhost:22<\/span><\/strong> user@example.com<\/strong><\/pre>\nssh user@localhost -p 2022<\/span><\/strong><\/pre>\nsudo nano \/etc\/systemd\/system\/autossh-tunnel.service<\/pre>\n
[Unit]\r\nDescription=AutoSSH Tunnel Service - Remote Port 2022<\/span><\/strong>\r\n\r\n[Service]\r\n#User=userName<\/strong>\r\nRestart=always\r\nRestartSec=10\r\nExecStart=\/usr\/bin\/autossh -N -R 2022<\/strong><\/span>:localhost:22<\/span><\/strong> user@example.com<\/strong>\r\n\r\n[Install]\r\nWantedBy=multi-user.target<\/pre>\nsudo cp ~\/.ssh\/id_rsa \/root\/.ssh\/\r\nsudo cp ~\/.ssh\/id_rsa.pub \/root\/.ssh\/<\/pre>\n
sudo systemctl daemon-reload<\/strong>\r\nsudo systemctl enable<\/strong> autossh-tunnel.service\r\nsudo systemctl start<\/strong> autossh-tunnel.service\r\nsudo systemctl stop<\/strong> autossh-tunnel.service<\/pre>\n
autossh -N -R 8080<\/b><\/span>:localhost:80<\/b><\/span> user@example.com<\/strong><\/pre>\n
\n...\r\nAllowTCPForwarding yes\r\nGatewayPorts yes\r\n...<\/pre>\n
\nsudo apt install sshfs\r\nsshfs user@example.com:\/shared sshfs<\/pre>\n
sudo apt-get install sshuttle -y\r\nsshuttle --dns -vvr user@host 0\/0<\/pre>\n
\n