In this guide I am going to talk about how to set up an SSH reverse proxy.
What is a Reverse SSH Proxy?
An SSH reverse proxy is used when you have a server behind a firewall that you want to access without setting up port forwarding on routers and firewalls.
You simply tell the firewalled SSH server to make an outbound connection to an SSH server on the internet, then connect to that server and tunnel back to the firewalled server.
How to set it up.
To set up a reverse SSH tunnel, follow the steps below.
A = Server behind the firewall you want to access.
B = The server you will connect to, to tunnel to Server A.
C = The client you are connecting from.
On Server A install AutoSSH
apt-get install autossh
Make an initial connection to Server B:
ssh -p 22 root@ServerB
Exit the connection to Server B. On Server A, generate an RSA key pair:
ssh-keygen -t rsa
Copy the public key from Server A to Server B:
ssh-copy-id root@ServerB
OR
just copy the public key (id_rsa.pub) to Server B with SCP and append it to root's ~/.ssh/authorized_keys there.
Once the key has been copied to Server B, make another test connection to Server B; you should not be prompted for a password but be logged in directly:
ssh -p 22 root@ServerB
Create a script to automate the connection to Server B, and place this script in the server's start-up scripts:
sudo mkdir /etc/tunnel
sudo touch /etc/tunnel/tunnel.sh
sudo chmod -R 700 /etc/tunnel
Place the following code in the file /etc/tunnel/tunnel.sh:
#!/bin/bash
# -f backgrounds autossh, -N opens no remote shell, ExitOnForwardFailure makes ssh exit (and autossh retry) if port 222 on Server B is still in use.
# Absolute key path because rc.local runs without $HOME; this assumes the key was generated as root on Server A.
autossh -M 20000 -f -N -o "ExitOnForwardFailure yes" -o "ServerAliveInterval 30" -i /root/.ssh/id_rsa -R 222:localhost:22 root@ServerB
Add the script to the server's start-up script:
sudo nano /etc/rc.local
Add the following line above the final exit 0 (on systemd-based distributions make sure rc-local.service is enabled, or use a systemd unit instead):
/etc/tunnel/tunnel.sh
Test the connection by running:
sudo /etc/tunnel/tunnel.sh
autossh drops into the background and the tunnel to Server B is established; you can confirm it with pgrep -a autossh on Server A and ss -tlnp | grep 222 on Server B.
If you then open a separate connection from Client C with:
ssh -p 222 USER-ON-SERVER-A@ServerB
you should be connected to the server behind the firewall.
Note: by default sshd on Server B binds a reverse-forwarded port only on its loopback interface (GatewayPorts no), so this command works from Client C only if GatewayPorts is set to yes in sshd_config on Server B. Otherwise SSH into Server B first and run ssh -p 222 USER-ON-SERVER-A@localhost from there.
Restart Server A, then try to make another connection to Server B; it should be proxied back to Server A.
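The ssh-copy-id step above gives Server A's key a full root login on Server B. As an added example (not part of the original guide), the POSIX shell functions below build and install an authorized_keys entry on Server B that confines that key to opening the reverse tunnel on port 222, using the OpenSSH authorized_keys options restrict, port-forwarding and permitlisten (OpenSSH 7.8 or newer). The function names and the sample key are my own constructions; because the restricted key gets no shell, the tunnel on Server A must be started with ssh's -N option.

```shell
#!/bin/sh
# Hardened authorized_keys entry for Server A's tunnel key on Server B:
# "restrict" turns off pty, shell rc, agent/X11 and port forwarding,
# "port-forwarding" re-enables forwarding, and "permitlisten" limits the
# remote forwards this key may request to the tunnel port only.
set -euf

# restricted_key_line <public-key-line> <listen-port>
# Prints the hardened authorized_keys line; returns 1 if the key line is malformed.
restricted_key_line() {
    keyline=$1
    port=$2
    # A public key line is "<type> <base64> [comment]"; reject anything else
    # so that a garbled copy/paste never ends up in authorized_keys.
    set -- $keyline
    [ $# -ge 2 ] || return 1
    case $1 in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    case $2 in
        *[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    printf 'restrict,port-forwarding,permitlisten="%s" %s\n' "$port" "$keyline"
}

# install_restricted_key <authorized_keys-file> <public-key-line> <listen-port>
# Appends the hardened line unless the same key is already present (idempotent).
install_restricted_key() {
    akfile=$1
    pubkey=$2
    line=$(restricted_key_line "$pubkey" "$3") || return 1
    keyb64=$(printf '%s\n' "$pubkey" | awk '{print $2}')
    if [ -f "$akfile" ] && grep -qF -- "$keyb64" "$akfile"; then
        return 0
    fi
    # A new file is created with 0600 permissions; sshd ignores authorized_keys
    # that are writable by other users.
    ( umask 077; printf '%s\n' "$line" >> "$akfile" )
}
```

On Server B run install_restricted_key /root/.ssh/authorized_keys "$(cat id_rsa.pub)" 222 (or point it at a dedicated tunnel user's authorized_keys) in place of ssh-copy-id.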
What it could be used for.
This type of connection can be used for remotely administering a server behind a firewall without port forwarding.