Q: Have a Linux on device in appartment A, which can go outside of local router to Internet. Have a Linux on device in appartment B located in another place on the globe. How it's possible to reach Linux A from Linux B via ssh when access to router A is prohibited?
- https://askubuntu.com/questions/716184/how-to-ssh-into-a-server-running-on-a-home-network-behind-a-router
- https://superuser.com/questions/595989/ssh-through-a-router-without-port-forwarding
- https://ubuntuforums.org/showthread.php?t=1913720
- https://community.spiceworks.com/t/ssh-from-wired-machine-to-machine-on-wifi/206099
- https://ngrok.com/docs/agent/ssh-reverse-tunnel-agent/
- https://www.endtoend.ai/tutorial/ngrok-ssh-forwarding/
- https://arturo-source.github.io/posts/ssh-reverse-tunneling/
- https://localhost.run/
- https://github.com/anderspitman/awesome-tunneling
- https://github.com/rapiz1/rathole - lightweight and high-performance reverse proxy for NAT traversal, an alternative to frp and ngrok
- https://github.com/warp-tech/russh/blob/main/russh/src/server/mod.rs#L506
- https://github.com/7tunnels7/reverse-shell
- https://nest.pijul.com/pijul/thrussh:main/KGIUIQYIBBUEG.C4AAA - remote_shell_call.rs
- https://github.com/warp-tech/russh
- https://github.com/agrinman/tunnelto
- https://github.com/kw7oe/rok
- https://github.com/vaperion/reverse-proxy
- https://github.com/hendrikboeck/ant-rs
- https://github.com/ekzhang/bore
- https://github.com/narrowlink/narrowlink
A1: Yes, it's possible to reach Linux A from Linux B via ssh even when access to router A is prohibited. You can use a tool called Ngrok, which can bypass NAT mapping and firewall restrictions by creating a long-lived TCP tunnel from a subdomain on ngrok.com to the local machine. This way, anyone can make requests to your local server with the unique ngrok tunnel address.
Another option is to use a tool like Serveo. With Serveo, you can set up forwarding on the server and then connect to your SSH server using the unique alias provided by Serveo. This method doesn't require any port forwarding or changes in router config.
Additionally, you can use a reverse tunnel with ssh. This involves setting up ssh from your "Linux A" to a remote server "my_other_server" that both servers can get to. You would use ssh remote port forwarding to open port 8022 on "my_other_server", which will forward back to "Linux A" on port 22. From "my_other_server", you can then ssh to "Linux A" by connecting to itself on port 8022, which is forwarded to "Linux A".
Overall, there are several ways to reach Linux A from Linux B via ssh even when access to router A is prohibited.
A2: Sure, you can achieve this by using a reverse SSH tunnel. Here's a simple way to do it:
On Linux B, run the following command:
ssh -R 2222:localhost:22 user@LinuxA
Replace user with your username on Linux A. This command will create a reverse tunnel from Linux B to Linux A, forwarding connections to port 2222 on Linux A to port 22 (the SSH port) on Linux B.
Now, from Linux A, you can SSH into Linux B by running:
ssh -p 2222 localhost
This will connect you to Linux B via the reverse tunnel.
Please note that this method requires that Linux B has a public IP address or a hostname that is accessible from the internet. If Linux B is behind a router or firewall, you may need to configure port forwarding on that device to allow incoming connections to Linux B.
Also, keep in mind that this method creates a direct connection between Linux A and Linux B, so it's important to ensure that the connection is secure. You can do this by using SSH keys for authentication and by enabling SSH key-based authentication on both Linux A and Linux B.
Finally, if you're concerned about the security of your connection, you may want to consider using a VPN or a secure tunneling service like Ngrok or Serveo to create a secure connection between Linux A and Linux B. These services can provide an additional layer of security and can help you avoid the need to configure port forwarding on your router or firewall.
A3: To establish an SSH connection from Linux B to Linux A without having access to router A, you can use a technique called reverse SSH tunneling. This method involves setting up a persistent connection from Linux A to a publicly accessible intermediary server, which then allows Linux B to connect back to Linux A through this tunnel. Here's a step-by-step guide on how to achieve this:
Choose an Intermediary Server: You need a server that both Linux A and Linux B can access over the internet. This could be a server you own or a service like ngrok, serveo, or similar.
Set Up Reverse SSH Tunnel on Linux A: On Linux A, initiate a reverse SSH tunnel to the intermediary server. For example, using ngrok:
./ngrok tcp 22
This command will create a tunnel from a random subdomain provided by ngrok to port 22 (the default SSH port) on Linux A.
Alternatively, if you're using serveo, the command would be:
ssh -R myalias:22:localhost:22 serveo.net
Replace myalias with a unique identifier for your session.
Obtain the Public Address: After running the above command, ngrok or serveo will provide you with a public address and port number. This information is crucial for the next step.
Connect from Linux B to Linux A: From Linux B, use the public address provided to establish an SSH connection to Linux A:
ssh -p <port_number> <username>@<public_address>
Replace <port_number>, , and <public_address> with the actual port number, your username on Linux A, and the public address given by the intermediary service.
Automate the Process (Optional): To ensure the tunnel remains active, you can automate the process by adding the reverse SSH command to a startup script or systemd service on Linux A. This way, the tunnel will be re-established if the connection drops or the device reboots.
Security Considerations: Using a third-party service to expose your SSH server to the internet comes with security risks. It's important to secure your SSH server by using strong passwords, SSH keys, and configuring your SSH daemon to only allow certain users to connect. Additionally, consider setting up a firewall on Linux A to further restrict access.
By following these steps, you can securely connect from Linux B to Linux A without needing to configure router A or expose Linux A directly to the internet.