Here we want to solve the following scenario:
actor User
node Proxy
node Server
User -> Proxy : SSH to Tunnel Port
Proxy -> Server : Forward SSH traffic
A user User wants to connect to Server (which is behind a firewall) through a Proxy server that will forward the traffic transparently to Server using a reverse tunnel.
node Server
node Proxy
node Client
Server - Proxy
Proxy - Client
To achieve this, we will first create a user autotunnel, which will create the tunnel. The tunnel will be valid for all the users in the Server system.
useradd -m -s /sbin/nologin autotunnel
https://hobo.house/2016/06/20/fun-and-profit-with-reverse-ssh-tunnels-and-autossh/
https://raymii.org/s/tutorials/Autossh_persistent_tunnels.html
https://serverfault.com/questions/909026/ssh-into-remote-host-using-jump-box
ssh-keygen -t rsa -b 4096 # leave the passphrase empty
ssh-copy-id -i <path-to-key> <user>@<proxy-ip>
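# "*" as the bind address asks Proxy to listen on all interfaces; sshd on Proxy
# only honours this when GatewayPorts is enabled, otherwise the port binds to loopback.
autossh -M 20001 -i <path-to-passwordless-key> -R *:<proxy_port>:localhost:22 <user>@<proxy_address> -N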
- Then try to connect to Proxy from Client
- Remember to open the firewall on Proxy
[Unit]
Description=Keep a tunnel to 'Proxy' open
After=network-online.target
[Service]
Type=forking
User=autotunnel
ExecStart=/usr/bin/autossh -f -M 20001 -i /home/autotunnel/.ssh/nopasswd_id_rsa autotunnel@<proxy_address> -R *:<proxy_port>:localhost:22 -N
ExecStop=/usr/bin/pkill -9 -u autotunnel
Restart=always
[Install]
WantedBy=multi-user.target
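
The key copied to Proxy with ssh-copy-id has no passphrase, so whoever holds the file can authenticate to Proxy; the sketch below (an added example, not part of the original page) builds an authorized_keys entry for Proxy that limits the key to one remote forward and flags entries lacking that limit. The function names, port 2222 and the key string are constructed for illustration, and permitlisten is assumed to be available (OpenSSH 7.8 or later on Proxy).

```shell
#!/bin/sh
# Added example (not from the original page). Run on Proxy.

# tunnel_authorized_key PORT "PUBKEY"
# Prints an authorized_keys entry that limits the key to a remote forward
# (-R) listening on PORT: no PTY, no agent/X11 forwarding, no ~/.ssh/rc,
# and any requested command is replaced by /bin/false.
tunnel_authorized_key() {
    port=$1
    pubkey=$2
    case $port in                      # digits only
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    case $pubkey in                    # bare "<type> <base64> [comment]" only
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a bare public key line" >&2; return 1 ;;
    esac
    printf 'restrict,port-forwarding,permitlisten="%s",command="/bin/false" %s\n' \
        "$port" "$pubkey"
}

# audit_authorized_keys < FILE
# Prints the line number of each key entry that lacks "restrict" or
# "permitlisten="; returns 1 if any is found. Assumes option values
# contain no spaces (true for entries produced above).
audit_authorized_keys() {
    n=0
    bad=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        n=$((n + 1))
        case $entry in ''|\#*) continue ;; esac
        opts=${entry%% *}              # first field: option list or key type
        case ",$opts," in
            *,restrict,*) case $opts in *permitlisten=\"*) continue ;; esac ;;
        esac
        echo "$n"; bad=1
    done
    return "$bad"
}

# Demo with a constructed (non-functional) key string.
tunnel_authorized_key 2222 'ssh-rsa AAAAB3NzaC1yc2EXAMPLE autotunnel@server'
```

On Proxy, put the printed line in the tunnel account's ~/.ssh/authorized_keys in place of the entry ssh-copy-id created.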