Friday, February 25, 2011

Reverse tunneling


If the server is behind a router, you can still connect to it through a technique called 'reverse tunneling'. For this you have to execute a few commands from the remote system (the remote system is the server), since the router will not allow incoming packets from the local system (the local system is the client) unless you have made a 'tunnel' from the remote one.
Now comes the concept of port forwarding. Here, a certain port on the server is 'forwarded' to the local system; the local system can use this port on itself (i.e. localhost) as if the port were on the remote system. Suppose port x is forwarded, then I can -
I.e. I'm using port x as if it's on the remote computer, but actually I'm using localhost for it.
This port x will actually be mapped to the port on which sshd listens on the remote system.
Before you choose the port x, ensure it's not used by anyone, else port forwarding will fail.
The -R option allows you to make a reverse tunnel from the remote system, thus do the following to make the tunnel -
ssh -R ::: @
on the remote system.
example -
ssh -R 1009:localhost:22 de@decomp.com
(here localhost means the computer itself)
And in the client -
ssh -p 1009 remote_user@localhost
In effect this is like -
ssh -p 22 remote_user@the.remote.computer
It's useful to add the -N option as well; this will keep the server from executing a command on the host.
Another option is -T. This disables the pseudo-terminal, that is, it makes no connection to the terminal of the host system, and so it will not even be able to execute commands.
If you also specify the -n option, it'll ignore all input from stdin.
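
As an added example (not from the original post), the shell helper below checks an -R forward spec of the form [bind_address:]port:host:hostport before the tunnel is opened. It flags a listening port below 1024, which sshd normally refuses unless the login on the listening side is root, and a bind address that would expose the listener beyond loopback. The name check_rforward and the sample specs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an `ssh -R` forward spec before opening the tunnel.
# check_rforward is a hypothetical helper name, not part of OpenSSH.
# Only numeric ports are accepted; bracketed IPv6 binds are reported invalid.

# Prints "listen=ADDR:PORT target=HOST:PORT flags=LIST"; exits 1 on a bad spec.
check_rforward() (
    set -f                       # keep a '*' bind address from globbing
    IFS=:
    set -- $1                    # split [bind_address:]port:host:hostport
    case $# in
        3) bind=localhost; port=$1; host=$2; hostport=$3 ;;  # default: loopback
        4) bind=$1; port=$2; host=$3; hostport=$4 ;;
        *) echo "invalid spec"; exit 1 ;;
    esac
    for p in "$port" "$hostport"; do
        case $p in
            ''|*[!0-9]*|??????*) echo "invalid port: $p"; exit 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "invalid port: $p"; exit 1; }
    done
    flags=
    # Ports below 1024 normally need a root login on the listening side.
    [ "$port" -lt 1024 ] && flags=privileged
    # An empty or '*' bind address (or any non-loopback one) listens on
    # external interfaces, which also requires GatewayPorts on that sshd.
    case $bind in
        localhost|127.*) ;;
        *) flags="${flags:+$flags,}exposed" ;;
    esac
    echo "listen=${bind:-*}:$port target=$host:$hostport flags=${flags:-none}"
)

# Constructed sample specs; the first is the one used in the post.
for spec in "1009:localhost:22" "10090:localhost:22" \
            "*:10090:localhost:22" "10090:localhost"; do
    check_rforward "$spec" || true
done
```

A spec that reports flags=none keeps the forwarded listener on loopback and on an unprivileged port.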
