LINUX - SSH Reverse Tunnel - Traversing NAT - Set up a permanent tunnel to your pc using remote ssh

TRAVERSING NAT: HOW TO SET UP A PERMANENT TUNNEL BETWEEN YOUR PC AND A SSH SERVER SO YOU CAN CONNECT TO YOUR PC @ ANYTIME
###########################################################################################################################

Let's say you have a machine/pc/server (let's call it main_pc) that you want to connect to, but it's behind a NAT. You can set up a reverse tunnel to reach it. The reverse tunnel runs from main_pc to an ssh server (let's call it server_pc). Then, when a person logs in to server_pc, they can run a command and be connected to main_pc. It is similar to having a port forward at the firewall/router on main_pc's network that opens a port to main_pc, so that you can connect to it from everywhere. The only difference between this method and an open port is that you're going through a tunnel, and you have to enter the tunnel through server_pc.

server_pc is accessible from everywhere, and main_pc is accessible only from main_pc's network. After this setup, main_pc can be reached through server_pc.

Prerequisites: All of them must have ssh. Both servers need openssh-server.

------------------------------
ON SERVER BEHIND NAT - main_pc:
------------------------------

Every time you ssh you're asked for a password, and that is annoying. You can make it go away with ssh keys (give main_pc's public key to server_pc), but I will use sshpass, which gives the password to the ssh server automatically without a prompt stopping your actions. (It would be annoying if an invisible prompt stopped your boot, which matters if you run this process at boot, as the last part of this section shows.) Keep in mind that a password passed with -p sits in plaintext in the crontab and is visible in the process list on main_pc while the command runs.

- Make sure you're root the whole time

# apt-get install sshpass

# sshpass -p 'Your_password_at_server_pc' ssh root@server_pc.com -R 54321:localhost:22 -tN &

Put that command in a cron job so that it launches at boot (there are lots of other ways to do this)

# crontab -e

Select vim or nano if asked for what editor you want to use. 

Put this entry at the bottom (no need for the typical cron job format # # # # # or whatever; just put in @reboot and it will run at every boot)

@reboot sshpass -p 'Your_password_at_server_pc' ssh root@server_pc.com -R 54321:localhost:22 -tN &
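
The ssh-key alternative mentioned at the top of this section, as an added example that is not part of the original page: a script for main_pc that creates a dedicated key, prints an authorized_keys entry for server_pc that limits what the key can do, and reopens the tunnel whenever it drops. The account name "tunnel", the key path and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: key-based, self-reconnecting version of the reverse tunnel.
# Assumptions (not from the page): account "tunnel" on server_pc, key path.
SERVER="tunnel@server_pc.com"            # assumed unprivileged account
PORT=54321                               # listener on server_pc, as on the page
KEY="${KEY:-$HOME/.ssh/tunnel_ed25519}"  # assumed dedicated key, no passphrase

# Print the authorized_keys entry to install for that account on server_pc.
# With this entry the key gets no shell, no pty and no agent/X11 forwarding,
# and the only remote listener it may open is localhost:PORT.
authorized_keys_line() {
    pub=$(cat "$1") || return 1
    printf 'command="/bin/false",restrict,port-forwarding,permitlisten="localhost:%s" %s\n' \
        "$PORT" "$pub"
}

# Open the tunnel once. SSH can be overridden to inspect the arguments.
# BatchMode: fail instead of prompting, so nothing waits on an invisible prompt.
# ExitOnForwardFailure: exit if the port cannot be bound, so the loop retries.
# ServerAlive*: notice a dead connection after about 90 seconds.
open_tunnel() {
    "${SSH:-ssh}" -N -i "$KEY" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "localhost:$PORT:localhost:22" "$SERVER"
}

# Reopen the tunnel whenever ssh exits (network drop, server_pc reboot).
keep_tunnel() {
    while :; do
        open_tunnel
        sleep 10
    done
}

case "${1:-}" in
    keygen) ssh-keygen -q -t ed25519 -N '' -f "$KEY" &&
            authorized_keys_line "$KEY.pub" ;;
    run)    keep_tunnel ;;
esac
```

Run the script once with keygen and append the printed line to ~/.ssh/authorized_keys of the tunnel account on server_pc. The @reboot cron entry then calls the script with run instead of the sshpass command.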

-------------------------
SSH SERVER - server_pc:
-------------------------

Connect to server_pc: either log in to it directly (physically), or just ssh into server_pc from wherever you are.

Now to connect to the server behind NAT @ anytime:

- You don't have to be root, but you must connect to the root user

# ssh -p 54321 root@localhost
 
Even though localhost is server_pc, port 54321 is a direct tunnel to main_pc, so we are not connecting to root@server_pc; we are actually connecting to root@main_pc.