Setting up a reverse SSH tunnel
Takeaway: Learn to forward a port on a remote machine to a local machine while initiating the SSH tunnel from the local machine.
SSH is an extremely useful tool in that it allows you to do many things in a secure fashion that you might not otherwise be able to do. One of the things SSH allows you to do is to set up a reverse encrypted tunnel for data transfer. Typically, when you initiate an SSH tunnel, you forward a port on the local machine to a remote machine which can allow you to connect to an insecure service in a secure way, such as POP3 or IMAP. However, you can also do the reverse. You can forward a port on the remote machine to the local machine while still initiating the tunnel from the local machine.
This is useful if you have a service on the remote end that you want to have connected to something on the local machine, but you don't wish to open up your firewall or have SSH private keys stored on the remote machine. By using a reverse tunnel, you maintain all of the control on the local machine. An example usage for this would be for logging messages; by setting up a reverse SSH tunnel, you can have a logger on the remote system send logs to the local system (i.e., syslog-ng).
To set up the reverse tunnel, use:
<code>
$ ssh -nNT -R 1100:local.mydomain.com:1100 remote.mydomain.com
</code>
This initiates a connection to remote.mydomain.com and forwards TCP port 1100 on remote.mydomain.com to TCP port 1100 on local.mydomain.com. The "-n" option tells ssh to redirect standard input from /dev/null, "-N" tells ssh to set up the tunnel only and not execute any remote command, and "-T" tells ssh not to allocate a pseudo-tty on the remote system. These options are appropriate because all that is wanted is the tunnel; no interactive commands will be sent over the session, unlike a normal SSH login. The "-R" option tells ssh to set up the forwarding as a reverse tunnel.
Now, if anything connects to port 1100 on the remote system, it will be transparently forwarded to port 1100 on the local system.
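The command above opens the tunnel once and exits when the connection drops or the remote port is already taken. The following POSIX shell wrapper, added here as an example and not part of the original article, builds the same `-R` forwarding with two additions a practitioner usually wants: `-o ExitOnForwardFailure=yes`, so ssh fails loudly instead of staying connected without the listener, and `ServerAliveInterval`/`ServerAliveCountMax` keepalives, so a dead link is noticed and the loop reconnects. The hostnames and port 1100 come from the article; the function names, the retry delay and the keepalive values are this example's own choices. Note that the host in the `-R` spec is resolved by the ssh client, so `localhost` works in place of `local.mydomain.com`, and that the listener on the remote side binds to loopback only unless `GatewayPorts` is enabled in the remote sshd_config.

```shell
#!/bin/sh
# Added example (not from the article): supervise a reverse SSH tunnel.

# Return 0 if $1 is a valid TCP port number (1-65535), 1 otherwise.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ssh command line that opens the reverse tunnel.
#   $1 remote host   $2 port to listen on at the remote side
#   $3 local host    $4 port to deliver to on the local side
build_tunnel_cmd() {
    is_port "$2" || { echo "bad remote port: $2" >&2; return 1; }
    is_port "$4" || { echo "bad local port: $4" >&2; return 1; }
    # -R binds on the remote loopback unless GatewayPorts is set in sshd_config.
    # ExitOnForwardFailure: exit non-zero if the remote port cannot be bound,
    #   instead of silently running without the tunnel.
    # ServerAliveInterval/CountMax: drop the session after ~90s of silence so
    #   the supervisor loop below can reconnect (values chosen for this example).
    printf '%s' "ssh -nNT -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R $2:$3:$4 $1"
}

# Keep the tunnel up: re-run ssh whenever it exits, after a short pause.
run_tunnel() {
    cmd=$(build_tunnel_cmd "$@") || return 1
    while :; do
        $cmd
        echo "tunnel to $1 exited (status $?); reconnecting in 10s" >&2
        sleep 10
    done
}

# Usage (matches the article's hosts and port):
#   run_tunnel remote.mydomain.com 1100 localhost 1100
```

Run it under a process supervisor or in a `screen`/`tmux` session on the local machine; because the connection is initiated locally, no inbound firewall rule and no private key on the remote host are needed, which is the property the article relies on.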