Reverse port tunneling is used to give a user outside of a networks firewall accesst to a computer inside the firewall where direct SSH connections aren't allowed. It works by the in-firewall computer SSH'ing to a middleman computer that then forwards incomming SSH connections on a given port to the firewalled computer.
- Get an ubuntu EC2 instance
- Download it's security keys (both in-firewall and out-firewall computers will need the private key)
- Setup the security group to allow connections on port 10002
- SSH into the middleman and add:
GatewayPorts yes
to/etc/ssh/sshd_config
sudo reload ssh
- For good measure:
sudo iptables -A INPUT -p tcp --dport 10002 -j ACCEPT
-
Add the ssh key for middle man to
~/.ssh/ec2_keys/
(it's a.pem
file) -
Set the permissions:
chomd 400 ~/.ssh/ec2_keys/<middleman-cert>.pem
-
Add to
~/.ssh/config
:Host <your-ec2-stuff>.compute-1.amazonaws.com IdentityFile ~/.ssh/ec2_keys/<middleman-cert>.pem User ubuntu
-
ssh -R 10002:localhost:22 ubuntu@<your-ec2-stuff>.compute-1.amazonaws.com
(you can use-f
to daemonize it)
-
Add the ssh key for middle man to
~/.ssh/ec2_keys/
-
Set the permissions:
chomd 400 ~/.ssh/ec2_keys/<middleman-cert>.pem
-
Add to
~/.ssh/config
:Host <your-ec2-stuff>.compute-1.amazonaws.com IdentityFile ~/.ssh/ec2_keys/<middleman-cert>.pem
-
ssh infirewall-username@<your-ec2-stuff>.compute-1.amazonaws.com -p 10002
(you can-Y
to forward X11)
Respawn the connection if it dies: