Use reverse ssh tunnel to access remote machines behind NAT

If you have ever connected to your corporate network over a VPN, you may understand the complexity of the tools and configurations IT engineers must deal with. In the Windows world, that's true: for anything that looks complicated there is always some software available to make simple tasks overcomplicated.

Say you want to access your home Linux machine from your office. Both are behind firewalls and use NAT, and you don't have permission to change the firewall settings. This is a very common scenario in today's world. We don't need a VPN or any extra software to connect to the home machine (A). What we need is a machine (B) in the middle; through B we can connect to A over ssh from the machine (C) you are working on. This is the easiest solution I have found so far. No need for a VPN, expensive software, configuration, ... all you need is ssh.

ssh has a very useful parameter, -R. It tells the ssh server on the remote machine (B) to listen on the given port and forward connections made to it back to the machine that opened the connection (A). For more details, always check $ man ssh. The following diagram is basically everything you need to do.


Step 1.
Create a connection to server B from the machine you wish to connect to, which is A in the diagram. By creating this connection to the middle server, you make port 12345 listen on the remote server. Any connection made on the remote server to port 12345 is redirected to A.
After the operation you'll be logged in to B. Don't close the session, otherwise the following steps will be pointless.

Step 2.
Connect to the middle server B from your machine C, which can be your office desktop machine. If you are using Windows at the office, install Cygwin or a virtual machine in order to use the ssh command. It's just a very basic ssh command.

Step 3.
Now you are logged on to the middle server B. Just ssh to localhost on the port that forwards to A (12345), and you will see that you have logged on to A!

Not complicated, is it? If not all of your machines are behind NAT, you don't need the middle server. Just remove C and the 2nd step from the diagram and you can connect to A from B.
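The three steps written out as commands, plus a check to run on B that the forwarded port is bound to loopback only. This is an added example, not the commands from the original diagram: the host name, the user names and the sample ss output are placeholders, A's sshd is assumed to listen on port 22, and step 1 uses -N to hold the tunnel open without a login shell on B.

```shell
#!/bin/sh
# Added example. B_HOST, user_a and user_b are placeholders; SAMPLE_SS is constructed.
B_HOST="middle.example.org"   # middle server B (placeholder)
PORT=12345                    # forwarded port used in the post

valid_port() {  # digits only, unprivileged TCP port range
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Step 1, run on A: publish A's sshd (assumed port 22) on B's loopback interface.
# ExitOnForwardFailure makes ssh exit if B cannot open the listening port.
step1_cmd() {
  valid_port "$1" || { echo "invalid port: $1" >&2; return 1; }
  echo "ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -R 127.0.0.1:$1:localhost:22 user_b@$B_HOST"
}

# Step 2, run on C: log in to B. Step 3, run on B: log in to A through the tunnel.
step2_cmd() { echo "ssh user_b@$B_HOST"; }
step3_cmd() { valid_port "$1" && echo "ssh -p $1 user_a@localhost"; }

# Check on B: read `ss -ltn` output on stdin and report where the port is bound.
# Prints "loopback", "exposed" (reachable from other hosts) or "absent".
listener_scope() {
  awk -v p="$1" '
    $1 == "LISTEN" {
      n = split($4, a, ":"); if (a[n] != p) next
      addr = substr($4, 1, length($4) - length(a[n]) - 1)
      if (addr == "127.0.0.1" || addr == "[::1]") { if (s == "") s = "loopback" }
      else s = "exposed"
    }
    END { print (s == "" ? "absent" : s) }'
}

# Constructed sample of `ss -ltn` output on B while the tunnel is up.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:12345    0.0.0.0:*
LISTEN 0      128    [::1]:12345        [::]:*'

step1_cmd "$PORT"; step2_cmd; step3_cmd "$PORT"
printf '%s\n' "$SAMPLE_SS" | listener_scope "$PORT"
```

On B, pipe the real output of ss -ltn into listener_scope; a result of "exposed" means the port is bound to a non-loopback address, typically because GatewayPorts is enabled in B's sshd configuration.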
