OpenWrt SSH tunnel

Short how-to for creating a reverse SSH tunnel to a remote server. Useful, for example, for reaching a device that sits behind NAT.

  1. At OpenWrt: install the sshtunnel package

     ```
     opkg update
     opkg install sshtunnel
     ```

  2. At remote server: create client ssh keys

     ```
     ssh-keygen -b 2048 -t rsa
     ```

     Move the resulting private key to /root/.ssh/id_rsa on OpenWrt and set its permissions with chmod 600.

  3. At remote server: authorize the OpenWrt client (authorized_keys)

  4. At OpenWrt: store the remote host public key as a known host

     ```
     ssh MYUSER@REMOTEHOST
     # answer yes to accept the host key, then press Ctrl+C
     ```

  5. At OpenWrt: enable the service (start on bootup)

     ```
     /etc/init.d/sshtunnel enable
     ```

  6. At OpenWrt: start the service

     ```
     /etc/init.d/sshtunnel start
     ```

  7. At OpenWrt: configure sshtunnel

See https://wiki.openwrt.org/doc/uci/sshtunnel for more information

Example configuration

```
config server myremote
	option user	myuser
	option hostname	remotehost
	option IdentityFile	/root/.ssh/id_rsa
	option retrydelay	5
	option ServerAliveInterval	30
	option ServerAliveCountMax	3
	option LogLevel		DEBUG1

config tunnelR sshtunnel
	option server	myremote
	option remoteport	44423
	option remoteaddress	*
	option localport	22
	option localaddress	127.0.0.1
```

Reload the service to apply the configuration:

```
/etc/init.d/sshtunnel reload
```
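
Step 3 does not show the authorized_keys entry. The helper below is an added example, not part of the original gist: run on the remote server, it authorizes the tunnel key so that the only reverse listener it can open is port 44423 from the example configuration. It assumes OpenSSH 7.8 or newer on the remote server; the function names and the paths in the usage comment are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original gist. Run on the remote server.
# Function names are hypothetical; assumes OpenSSH 7.8+ (permitlisten).

# restricted_entry PUBKEY_LINE PORT
# Prints an authorized_keys line that lets the key listen on PORT only.
restricted_entry() {
    pub=$1 port=$2
    # Port must be a plain decimal number in 1..65535.
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    # Exactly one "type base64 [comment]" line; reject a private key file
    # or a multi-line file passed by mistake.
    case $pub in
        *PRIVATE*|*'
'*) echo "not a single public key line" >&2; return 1 ;;
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "unrecognised public key" >&2; return 1 ;;
    esac
    # "restrict" disables pty allocation, agent/X11 forwarding and port
    # forwarding; "port-forwarding" turns forwarding back on and
    # "permitlisten" limits remote (-R) listeners to PORT.
    printf 'restrict,port-forwarding,permitlisten="%s" %s\n' "$port" "$pub"
}

# authorize_tunnel_key PUBKEY_FILE PORT AUTHORIZED_KEYS_FILE
# Appends the restricted entry once, with the permissions sshd expects.
authorize_tunnel_key() {
    entry=$(restricted_entry "$(cat "$1")" "$2") || return 1
    dir=$(dirname "$3")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$3" && chmod 600 "$3" || return 1
    # Idempotent: do nothing if this exact line is already present.
    grep -qxF -- "$entry" "$3" || printf '%s\n' "$entry" >> "$3"
}

# Usage with the gist's key and port (paths are assumptions):
#   authorize_tunnel_key ~/.ssh/id_rsa.pub 44423 ~/.ssh/authorized_keys
```

With this entry in place, a reverse forward requested on any port other than 44423 is refused by the server.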

ssalonen (gist owner and author) commented Jun 1, 2017

In order to allow binding to all interfaces, the server configuration might need changing; see this comment on stackoverflow.com on the GatewayPorts setting.
