Fli
11-10-2016, 10:08 PM
If we have:
A) public server with static IP address (example some rented Linux VPS with IPv4 12.123.1.250 (http://instantcpanelhosting.com/cart.php?gid=4))
or
B) server with private IP in some LAN (home computer example)
Both have Linux, or virtualized Linux via Virtualbox for example, then we can make the private server accessible from the internet via our public server IP thanks to SSH and its reverse tunneling.
First make sure SSH is enabled, running and starting at boot:
redhat Linux (example CentOS):
chkconfig sshd on
service sshd start
debian Linux (example Ubuntu)
systemctl enable ssh
systemctl start ssh
>>> Execute on private server: <<<
ssh-keygen
ssh-copy-id root@PublicServerIPHere -p PublicServerSSHPortNumberUsually22
(sending public server key for password-less access to this local, private server)
Debian based Linux: apt-get install autossh
Redhat based Linux: Google your Linux distro and "install autossh" to install autossh
Establish reverse tunnel to the public server:
autossh -fN -R 7000:localhost:22 username@PublicServerIPhere -p PublicServerSSHPortNumberUsually22
If no error, then make that command run at boot:
echo "@reboot root autossh -fN -R 7000:localhost:22 username@PublicServerIPhere -p PublicServerSSHPortNumberUsually22" > /etc/cron.d/reversetunnelstart && chmod +x /etc/cron.d/reversetunnelstart
>>> Execute on public server: <<<
ssh-keygen
ssh-copy-id "127.0.0.1 -p 7000"
To log in to the private server (example home computer) from anywhere in the world:
1) log in to your public server: ssh PublicServerIPHere -p PublicServerSSHPortNumberUsually22
2) once logged into the public server (which has an established connection to the private one), you can log in to the private one by cmd: ssh localhost -p 7000
Notes:
Consider adding this line to public server SSH config file (~/.ssh/config ?): ExitOnForwardFailure=yes
And then "systemctl reload sshd" ?
It may also be used as an SSH command parameter (-o "ExitOnForwardFailure yes"), but I guess it should be executed on public server, not on private one.
ExitOnForwardFailure
Specifies whether ssh(1) should terminate the connection if it cannot set up all requested dynamic, tunnel, local, and remote port forwardings, (e.g. if either end is unable to bind and listen on a specified port).
Note that ExitOnForwardFailure does not apply to connections made over port forwardings and will not, for example, cause ssh(1) to exit if TCP connections to the ultimate forwarding destination fail. The argument must be yes or no (the default).
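A check for the public server, added here as an example and not part of the original post: it classifies the port 7000 listener created by the -R forwarding from `ss -ltn` output, separating a forward that never bound (the case ExitOnForwardFailure covers) from one that listens on a public address instead of loopback only. The function name and the sample `ss` lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# Reads `ss -ltn` output on stdin and prints the state of a forwarded port:
#   loopback - bound only to 127.0.0.1 / [::1] (sshd default, GatewayPorts no)
#   exposed  - bound to a wildcard or other address (reachable from outside)
#   absent   - nothing listening (the tunnel is down or the forward failed)
tunnel_listener_state() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Local Address:Port is column 4; the port follows the last colon
            n = split($4, parts, ":")
            if ((parts[n] "") != (port "")) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END {
            if (!found) print "absent"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# Constructed sample inputs (not captured from a real host)
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:7000     0.0.0.0:*
LISTEN 0      128    [::1]:7000         [::]:*'
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:7000       0.0.0.0:*
LISTEN 0      128    [::]:7000          [::]:*'
SAMPLE_ABSENT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

for sample in "$SAMPLE_LOOPBACK" "$SAMPLE_EXPOSED" "$SAMPLE_ABSENT"; do
    printf '%s\n' "$sample" | tunnel_listener_state 7000
done
# On the public server itself: ss -ltn | tunnel_listener_state 7000
```

An "exposed" result means the private machine's SSH port is reachable directly through the public IP; the GatewayPorts setting in the public server's sshd_config is the place to look.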