Skip to content

Instantly share code, notes, and snippets.

@jjshoots

jjshoots/Reverse SSH jumphost.md

Last active February 23, 2023 16:26
Show Gist options
  • Save jjshoots/ab9afe5070b744f938668da006196203 to your computer and use it in GitHub Desktop.
Save jjshoots/ab9afe5070b744f938668da006196203 to your computer and use it in GitHub Desktop.
Download ZIP
Reverse SSH Jumphost
Raw
Reverse SSH jumphost.md

Reverse SSH Jumphost

https://gist.github.com/rfairley/41f4a8e8b4c13f19d748ba4b0e600cc5

On all machines

  1. Create ssh key pair.

On Jumphost

  1. Disable password authentication by ensuring that PasswordAuthentication and ChallengeResponseAuthentication are set to no in /etc/ssh/sshd_config
  2. Allow external connections on JUMPHOST_PORT by configuring the firewall (any number above 1024 is good, 12345 used here) 
    sudo ufw allow 12345/udp
sudo ufw allow 12345/tcp
sudo ufw enable
  3. Add target machine's public ssh key to ~/.ssh/authorized_keys.
  4. Add local machine's public ssh key to ~/.ssh/authorized_keys.

On Target Machine (The one we want to access remotely)

  1. Disable password authentication by ensuring that PasswordAuthentication and ChallengeResponseAuthentication are set to no in /etc/ssh/sshd_config

  2. Add jumphost machine's public ssh key to ~/.ssh/authorized_keys.

  3. Add local machine's public ssh key to ~/.ssh/authorized_keys.

  4. Make sure openssh is installed:

    sudo apt install openssh-server
sudo systemctl enable ssh
sudo systemctl start ssh
sudo systemctl status ssh

    Verify that it's actually working.

  5. Add a reverse ssh systemd that automatically connects to the jumphost on boot as well as when it crashed to /etc/systemd/system/call-vps.service:

    [Unit]
Description=Reverse SSH connection
After=network.target

[Service]
User=TARGET_MACHINE_USER
ExecStart=/usr/bin/ssh -vvv -g -N -T -o "ServerAliveInterval 10" -o "ExitOnForwardFailure yes" -R UMPHOST_IP:JUMPHOST_PORT:localhost:22 JUMPHOST_USER@JUMPHOST_IP -i ~/.ssh/TARGET_MACHINE_PRIVATE_KEY_FILE
Restart=always
RestartSec=30s

[Install]
WantedBy=multi-user.target

  6. Enable the service:

    sudo systemctl enable call-vps.service
sudo systemctl start call-vps.service
sudo systemctl status call-vps.service

    Verify that it's actually working.

On Local Machine (The one that is used to access target)

  1. Add the following to ~/.ssh/config:

    Host JUMPHOST_NAME
 Hostname JUMPHOST_IP
 IdentityFile ~/.ssh/LOCAL_MACHINE_PRIVATE_KEY_FILE
 User JUMPHOST_USER

Host TARGET_NAME
 Hostname localhost
 Port JUMPHOST_PORT
 User TARGET_USER
 ProxyCommand ssh -q -W %h:%p JUMPHOST_NAME

    Note that JUMPHOST_NAME and TARGET_NAME can be anything.

    On windows, make sure ssh is installed and replace the ProxyCommand line with: ProxyCommand C:\Windows\System32\OpenSSH\ssh.exe -q -W %h:%p JUMPHOST_NAME

  2. To connect to the target (or for rsync operations or whatnot as well), just do: ssh TARGET_NAME

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment