How to bypass firewall and NAT with reverse SSH Tunnel

眉间皱痕 提交于 2019-11-28 17:57:51

问题


I'm trying to generate an SSH server in a machine behind a router.

First I tried to bind the SSH to my public IP address:

ssh -R 10002:localhost:22 <ip_address>

Then I'm prompted with a password request, however my username password doesn't seem to work.

Obviously I know my username password, so it seems to me that it's trying to authenticate in another computer under the same network.

Any suggestions how to fix this?

It would also help me any alternative on how to create an SSH server behind a Router when you don't have access to the Router.

The ports in iptables are all open.

UPDATE

As suggested by Thomas Oster answer I've tried the following.

In the machine behind the router I've executed the following command:

$ ssh -R10002:localhost:22 <remote_public_ip_address> -l <my_remote_server_username>

<remote_ip_address> being the remote_ip_address of a server with public IP and SSH server on which I have full control.

<my_remote_server_username> being the remote server username.

After that, I've tried to connect from the remote server to the server behind the router like this:

$ ssh -p 10002 <remote_public_ip_address>

However this command displays the following output:

ssh: connect to host <remote_public_ip_address> port 10002: Connection refused

So I opened the 10002 port in the iptables firewall using the following command:

sudo iptables -A INPUT -p tcp --dport 10002 -j ACCEPT

After that I've executed again the command but it displays the same error message.

In my machine behind the router I have all ports open in iptables.

UPDATE 2

You have to allow port-forwarding in the /etc/ssh/sshd_config of the remove_public_ip_address server

I've tried to allow portforwarding in the sshd_config file adding this command:

LocalForward 10002 <my_remote_public_server_ip>:22

But it gave me this error message:

Bad configuration option: LocalForward

After "ssh -R...." did you leave the window open?

After executing that command, it connects to the remote public machine, and yes, I left the window open.

Can you use ssh -p 10002 localhost on the public server after the tunnel is created?

Yes, if I execute that command in the public server, it connects after asking me for credentials.

Please try "ssh localhost" on the machine behind the router to check if sshd is running and working.

This also works.

UPDATE 3

I've been finally able to make it work (thanks again to Thomas Oster)

We are going to work with three machines:

Destination Machine: That we want to connect to.

Middle Machine: A server acting as an intermediary for the connection (a Linode in my case)

Home Computer: Where we will access to the destination machine.

These are the steps I followed

Step 1:

[destination computer]$ vi /etc/ssh/sshd_config

Add the GatewayPorts option:

GatewayPorts yes

Restart ssh.

Step 2:

[destination computer]$ ssh -R 4040:localhost:22 middle-machine-user@middle-machine-public-ip

This will link your public machine with your destination computer via port 4040

It will connect to the middle machine and prompt the terminal, you must leave this tab open.

Step 3:

Connect from home:

ssh destination-user@destination-ip -p4040

Or connect from the middle machine:

[home computer]$ ssh middle-machine-user@middle-machine-ip

[middle computer]$ ssh destination-user@localhost -p4040

Source


回答1:


Is there a ssh-server running on the public "ip_address"? What you're trying to do is "open ssh connection to "ip_address" and then tunnel any incoming request on port 10002 to localhost:22".

If "ip-address" is the public IP address of your dsl-router, you have to create a port-forwarding in the router's configuration to your host:22.

If you do not have access to the router, the only possible thing would be if you had access to another server running ssh in the internet, from which you can tunnel.

# open a session to the public available machine and create a tunnel from port 10002 back  to your local sshd (22)
ssh -R 10002:localhost:22 ip_of_public_server
# as long as this session is open, all calls to the public available machine on port 10002 will be tunneled to your local machine (make sure sshd is running on port 22)
ssh -p 10002 ip_of_public_server



回答2:


As you said we have "destination machine" (where we wanto to connect to using ssh), "middle machine" (public server working as forwarder), "other computers" (any other computer on the net)

As @thomas-oster said you have to use

[destination computer] $ ssh -R 2222:localhost:22 ip_of_public_server

However, in order for the tunnel to bind to 0.0.0.0 instead of localhost, you have to use GatewayPorts in /etc/ssh/sshd_config on the "middle machine" (public server):

GatewayPorts yes

Of course you have to restart sshd after adding this option.

Read http://www.snailbook.com/faq/gatewayports.auto.html for an explanation: "by default SSH only listens for connections to the forwarded port on the loopback address"

This will allow you to connect from any computer on the net to your destination computer using the ip of the middle machine (public server):

[any computer on the net] $ ssh -p 2222 ip_of_public_server

Make sure your firewall on the public server allows connections to port 2222/tcp.




回答3:


I recently stumbled upon the same problem, but without having root privileges on the SSH server.

As mentioned GatewayPorts yes is needed so also clients from network are able to connect to remote forwarding port on the SSH server. By default it is set to no. Thus if you don't have root privileges you cannot change SSHD settings to set GatewayPorts option to true. But in that case you can use the following workaround:

ssh -R 4041:localhost:22 myserver.com 'socat TCP-LISTEN:4040,fork TCP:127.0.0.1:4041'

socat is a great network utility which binds a TCP port 4040 on interface 0.0.0.0 so it is visible from network and redirects all traffic to the 127.0.0.1:4041 where SSHD is listening and redirecting it to your client's port 22.

Thus if somebody wants to connect your local SSH on port 22 as you described (on the client) he does:

ssh -p 4040 myserver.com 

and it works like this:

SSH client --> myserver.com:4040 (socat) --> 127.0.0.1:4041 (myserver.com, SSHD) --> SSH client port 22

socat can be either built from sources or already installed on the system. It is present in the RPMForge repositories for RHEL/CentOS (however if you don't have root privileges you cannot install it).



来源:https://stackoverflow.com/questions/19269385/how-to-bypass-firewall-and-nat-with-reverse-ssh-tunnel

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!