@ssalonen
Last active February 13, 2024 21:29
OpenWrt SSH tunnel

Short how-to for creating a reverse SSH tunnel from OpenWrt to a remote server. Useful, for example, for reaching a device that sits behind NAT.

  1. At OpenWrt:

     opkg update
     opkg install sshtunnel

  2. At remote server: create client ssh keys

     ssh-keygen -b 2048 -t rsa

     Move the resulting private key to /root/.ssh/id_rsa on the OpenWrt device and set its permissions with chmod 600.

  3. At remote server: authorize the OpenWrt client (authorized_keys)

  4. At OpenWrt: store the remote host public key as a known host

     ssh MYUSER@REMOTEHOST
     # answer yes at the host key prompt, then press Ctrl+C

  5. At OpenWrt: enable the service (start on bootup)

     /etc/init.d/sshtunnel enable

  6. At OpenWrt: start the service

     /etc/init.d/sshtunnel start

  7. At OpenWrt: configure sshtunnel

See https://wiki.openwrt.org/doc/uci/sshtunnel for more information

Example configuration

config server myremote
	option user	myuser
	option hostname	remotehost
	option IdentityFile	/root/.ssh/id_rsa
	option retrydelay	5
	option ServerAliveInterval	30
	option ServerAliveCountMax	3
	option LogLevel		DEBUG1

config tunnelR sshtunnel
	option server	myremote
	option remoteport	44423
	option remoteaddress	*
	option localport	22
	option localaddress	127.0.0.1

/etc/init.d/sshtunnel reload
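
As an added example (not part of the original gist), this shell function lists the tunnelR sections of a UCI sshtunnel config that request a bind on every remote interface, as the example configuration above does with `remoteaddress *`; once the server's GatewayPorts setting permits it, such a tunnel publishes the router's SSH port on all of the remote host's interfaces. The names `wildcard_tunnels` and `sample_config` and the `loopback_only` section are hypothetical, and treating a missing `remoteaddress` as `*` is an assumption about the package default.

```shell
#!/bin/sh
# Added example, not part of the original gist.
# Print every tunnelR section that asks the remote sshd to listen on all
# interfaces: remoteaddress is '*' or absent (assumed to default to '*').
wildcard_tunnels() {
    awk '
        function report() {
            if (in_r && (addr == "" || addr == "*"))
                print name " remoteport=" port
        }
        $1 == "config" {            # a new section starts: judge the previous one
            report()
            in_r = ($2 == "tunnelR"); name = ($3 == "" ? "(unnamed)" : $3)
            addr = ""; port = ""
            next
        }
        in_r && $1 == "option" {
            val = $3; gsub(/["\047]/, "", val)   # strip optional UCI quotes
            if ($2 == "remoteaddress") addr = val
            if ($2 == "remoteport")    port = val
        }
        END { report() }
    ' "$@"
}

# Constructed sample: the gist's config plus a hypothetical loopback-only tunnel.
sample_config() {
    cat <<'EOF'
config server myremote
	option user	myuser
	option hostname	remotehost

config tunnelR sshtunnel
	option server	myremote
	option remoteport	44423
	option remoteaddress	*
	option localport	22
	option localaddress	127.0.0.1

config tunnelR loopback_only
	option server	myremote
	option remoteport	44424
	option remoteaddress	127.0.0.1
EOF
}

sample_config | wildcard_tunnels   # prints: sshtunnel remoteport=44423
```

On a router the function can be pointed at the live file with `wildcard_tunnels /etc/config/sshtunnel`.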

@ssalonen

ssalonen commented Jun 1, 2017

In order to allow binding to all interfaces, server configuration might need changing, see this comment in stackoverflow.com on GatewayPorts setting.

@lavinkabul

Great article. But I have password authorization on an ssh server (Ubuntu). Is there any way to automate the connection using sshtunnel to my Ubuntu server by password?

@stokito

stokito commented Jun 3, 2023

@lavinkabul no, it's not possible. You need to set up Public Key Auth. It's like a password that is stored in a file, but split into a public key id_rsa.pub and a secret id_rsa.

@stokito

stokito commented Jun 21, 2023

The new wiki page about the sshtunnel is https://openwrt.org/docs/guide-user/services/ssh/sshtunnel
@samaaron I created a Luci app to configure the SSH tunnel openwrt/luci#6424
Could you please try it and give feedback?

@stokito

stokito commented Feb 13, 2024

For Ubuntu and other desktop Linux I created the https://github.com/yurt-page/sshtunnel
