2012-02-10

Reverse SSH tunnel in plain English...

Those tutorials explaining reverse SSH tunnels are ambiguous at best in their examples, often using the same port number twice, making it unclear whether it is a local port or a remote port.

Yes, I'm done complaining; here's my attempt at being helpful:

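# The SSH server (the "master") that you connect out to:
MASTER_HOST=where-your-ssh-server-is.com
MASTER_PORT=22 # likely
MASTER_USER=root # not really!
MASTER_LISTEN=... # whatever you want your public port to be (it is opened on MASTER_HOST)
# The destination, as seen from the machine where you run ssh:
TARGET_HOST=192.168.... # probably some local server
TARGET_PORT=25 # let's imagine we tunnel a mailserver

# let's actually do something now!
# -n: no stdin, -N: no remote command, -T: no tty
ssh -l "$MASTER_USER" -nNT -p "$MASTER_PORT" -R "$MASTER_LISTEN:$TARGET_HOST:$TARGET_PORT" "$MASTER_HOST"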

Please ensure the line
   GatewayPorts yes
exists in the file
   /etc/ssh/sshd_config
on MASTER_HOST, or your tunnel will bind to localhost only.
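
The field order of -R and the effect of GatewayPorts on where the listener binds, as an added example that is not code from the original post. The function names, the sample config and the addresses are constructed; the three GatewayPorts values follow sshd_config(5), and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example; function names and sample values are constructed.

# Effective GatewayPorts from sshd config text on stdin. sshd keeps the first
# value seen for a keyword; the default is "no". Assumption: only the global
# section (before any Match block) is considered.
gateway_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "gatewayports" { v = tolower($2); exit }
         END { print (v == "" ? "no" : v) }'
}

# Where the server-side listener binds. $1 = GatewayPorts value,
# $2 = bind address given before the listen port in -R ("" = none given).
listener_scope() {
    case "$1" in
        yes) echo "all-interfaces" ;;
        clientspecified)
            case "$2" in
                ""|localhost|127.0.0.1|::1) echo "loopback" ;;
                "*"|0.0.0.0|::) echo "all-interfaces" ;;
                *) echo "$2" ;;
            esac ;;
        *) echo "loopback" ;;
    esac
}

# Build the -R argument [bind:]listen_port:target_host:target_port.
# listen_port opens on the SSH server; target_host:target_port is reached
# from the machine running ssh. Ports must be 1-65535 (port 0 not handled).
reverse_spec() {   # $1 bind ("" = none), $2 listen, $3 target host, $4 target port
    for p in "$2" "$4"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] 2>/dev/null && [ "$p" -le 65535 ] 2>/dev/null || return 1
    done
    printf '%s%s:%s:%s\n' "${1:+$1:}" "$2" "$3" "$4"
}

# Constructed sample: a commented-out line is ignored, the first real one wins.
sample='#GatewayPorts yes
Port 22
GatewayPorts clientspecified'
gp=$(printf '%s\n' "$sample" | gateway_ports)
echo "GatewayPorts=$gp, no bind address given -> $(listener_scope "$gp" "")"
echo "ssh -nNT -R $(reverse_spec "" 2525 192.168.0.10 25) user@master.example"
```

On the server, `sshd -T | gateway_ports` feeds the function the effective configuration instead of the raw file.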


As you can see, the order of parameters is not quite intuitive, which might have brought you to this page in the first place. Enjoy.
