Need to SSH to an unreachable Linux computer? Have it call you, then burrow down that connection to get your own remote SSH session. We show you how. Sometimes, remote computers can be hard to reach. The site they are located at may have tight firewall rules in place, or perhaps the local admin has set up complex Network Address Translation rules. How do you reach such a computer if you need to connect to it?
Your computer is the local computer because it is near you. The computer you are going to connect to is the remote computer because it is in a different location than you. But if the networking configuration on your end is straightforward, the remote computer can connect to you. But it is a start. You have an established connection between the two computers.
Reverse SSH tunneling allows you to use that established connection to set up a new connection from your local computer back to the remote computer. This means your connection to the remote computer acts as a private tunnel inside the original connection. Reverse SSH tunneling relies on the remote computer using the established connection to listen for new connection requests from the local computer.
The remote computer listens on a network port on the local computer. If it detects an SSH request to that port, it relays that connection request back to itself, down the established connection. This provides a new connection from the local computer to the remote computer. You may get a warning about having never connected to the local computer before. Or you may see a warning as the connection details are added to the list of recognized SSH hosts. What you see—if anything—depends on whether connections have ever been made from the remote computer to the local computer.
You will be prompted for the password of the account you are using to connect to the local computer. Note that when the connection has been made the command prompt changes from dave howtogeek to dave sulaco. That means we can issue commands to it. We can see that the person with the user account called dave has logged in to the local computer, and the remote computer has connected using the same user credentials from IP address Because the connection from the remote computer is successful, and it is listening for connections, we can try to connect to the remote computer from the local one.
The remote computer is listening on port on the local computer. So—somewhat counter-intuitively—to make a connection to the remote computer, we ask ssh to make a connection to the local computer, on port That connection request will be forwarded to the remote computer. We are prompted for the user account password, then connected to the remote computer from the local computer.
Note that the command prompt has changed from dave sulaco to dave howtogeek. To make it more convenient to connect from the remote computer to the local computer, we can set up SSH keys. You will be prompted for a passphrase.
You can press Enter to ignore the passphrase questions, but this is not recommended. It would mean that anyone on the remote computer could make an SSH connection to your local computer without being challenged for a password. You will be prompted for the password for the user account you are logging in to, in this case, dave sulaco. The first time you make a connection request from the remote computer to the local computer, you will have to provide the passphrase.
You will not have to enter it again for future connection requests, for as long as that terminal window remains open. Then reverse it.
And I can join my mobile devices using Intune to get access. Is this really a problem? There are plenty of reasons why you might consider doing something similar, including:

The VM is Intune-managed, and the company is free to wipe all its data, lock me out, set arcane policies, and do whatever it wants.
It looks something like this: Use these commands to get started: If your company requires you to set up your VPN connection manually, do that now. Your company may need a third-party app, like GlobalProtect. If you need that - install that now too. Next up - verify that you can make an RDP connection from your VM to the box on your corporate network. Now to the interesting part - running sshd as a built-in Windows Feature. The best way to get started is to follow the official blog.
On Windows, using the Windows Subsystem for Linux is the way to go. Tunnel opened! Now, you can open an RDP session to localhost and have it forwarded all the way to the box you actually care about.
RDP has been highly tuned and optimized for many years - nested sessions included.

Have you ever been in a situation where you needed to perform remote administration on a Windows Server, and the RDP port is blocked on a firewall? SSH can proxy connections both forward and backwards. It creates a secure connection between a local computer and a remote machine through which services can be relayed.
And RDP: If you have privileges to do so of course. All connections to that port will be sent through the SSH server to the remote host. PuTTY is a nifty ssh client for Windows that you can download here. Under Source port, add your local IP address and port.
On a side note, when you are in a situation where you are on a Linux work station and need to tunnel RDP through ssh in Linux, you can use the following ssh port forwarding, or tunnel (assuming you have an on-premise Linux server to SSH into to set up the port forward):
Now you can connect your RDP client to Or do you need to change port forwarding options in an existing ssh connection? To ease the usage, I wrapped it in a PowerShell script that connects to my on-premise stepping-stone host with ssh: It should print Installed. From its manpage:
As I understand this, firewalls (assuming default settings) deny all incoming traffic that has no prior corresponding outgoing traffic. I would like to execute shell commands on a remote machine. The remote machine has its own firewall and is behind an additional firewall router.
It has an IP address like I am not behind a firewall and I know the remote machine's IP address as seen from the Internet not the Additionally, I can ask someone to execute ssh something as root on the remote machine first. Could anyone explain to me, step by step, how reverse SSH tunneling works to get around the firewalls (local and remote machines' firewalls and the additional firewall between them)? What is the role of the switches -R, -f, -L, -N? Think of your SSH connections as tubes.
Normally, you'll reach through these tubes to run a shell on a remote computer. The shell runs in a virtual terminal (tty). But you know this part already. Think of your tunnel as a tube within a tube. You still have the big SSH connection, but the -L or -R option lets you set up a smaller tube inside it. Every tube has a beginning and an end.
All the smaller tubes have the same endpoints, except that the role of "start" or "end" is determined by whether you used -L or -R respectively to create them. You haven't said, but I'm going to assume that the "remote" machine you've mentioned, the one behind the firewall, can access the Internet using Network Address Translation (NAT). This is kind of important, so please correct this assumption if it is false. When you create a tunnel, you specify an address and port on which it will answer, and an address and port to which it will be delivered.
I am trying to make a tunnel between a server and laptop with Putty.
The problem is, since the laptop has no public IP address, I have to make a reverse connection. You can add port forwards there. For reverse forward, enter source port, and destination, but choose 'Remote' instead of 'Local'.
You can do this with the -R option to ssh. It allows you to establish a connection backwards (well, both ways). See this page for more.
How to start a reverse tunnel with PuTTY?
In your case, put in to source port, localhost in the Destination, and choose Remote. Yeah, I was trying the same but I still can not connect : What can be the problem?? How did you try?
How to setup a reverse tunnel with Putty
Thanks but I want to do it with putty, is there anyway to do it with putty?? The SSH Tunnels page allows you to set it up. The Help link should describe it.
Set up a Windows SSH tunnel in 10 minutes or less
I want to set up an SSH tunnel to run as a Windows service, I need to be able to set it up using only the command line so this counts out any software that doesn't include a command line version. If your Windows system is running an SSH server, you can establish a reverse tunnel starting the connection from the other side.
There are several SSH servers available for Windows, for example copssh. On the other side you could use autossh for making sure that the tunnel gets re-established in case that the connection between client and server is lost. In this way, instead of having to run an ssh client as a service on Windows, you'd need to run an ssh server like the one I mentioned. I haven't installed it fresh in a while so I'm trying to remember if it supports straight command line or not. You'd have to take a look.
Not a windows service, but close enough. You can have it start a saved profile from the command line with. If you login automatically with key-authentication, you can easily configure it to reconnect on disconnect and be visible only as tray icon. It can run as a service, supports certificate login, and full tunneling. I use cygwin's openssh package to do this with great success.
The openssh package includes an SSH server, sshd, that can easily be installed as a Windows service using the script ssh-host-config and then simply starting it using the Windows command net start sshd.
Complete details are omitted simply for the sake of brevity.
Works great, no problem. I would like to set the tunnel up as a "persistent service" that will connect on boot up and reconnect when dropped. Exhaustive googling found a few products but many seem to have been abandoned and none appear to have major "street cred." Does anyone have experience with this type of thing or with any of these products? I don't need all the bells and whistles, just reliability. Have you considered using plink and making it a service with srvany? Use plink from PuTTY and run in a batch file.
When connection really dies, plink will exit, which means that you can run plink in a loop. I personally use Easytunnel. It works great, tho you'll need to set-up your server's inactivity timeout, or you will be disconnected every 10 minutes or so.
I use ssh tunnels a lot, but all managers were not convenient to me (too many UI screens, not that stable). I wanted to have a script which can be easily configurable and maintainable, so I came up with a PowerShell script for that.
Posted here. SO rules dictate me to publish solution in answer as well, so happy to do that:
I agree Igal. A good, short and to-the-point tutorial can be found at xxlinxx.
Like this: :: This is a batch file. Or maybe easier: put the.