In this guide i have going to talk about how to set up a SSH Reverse proxy.
What is a Reverse SSH Proxy.
you simply tell the fire walled SSH Server to make a connection out to a SSH server on the internet and then connect to this server to tunnel back to the fire walled server.
How to set it up.
To set up a reverse SSH please follow the below.
A = Server behind the firewall you want to access.
B = The server you will connect to, to tunnel to Server A.
C = The client you are connecting from.
On Server A install AutoSSH
apt-get install autossh
Make an inital connection to Server B
ssh -p 22 root@ServerB
exit the connection made to Server B, on Server A generate a RSA Certificate
ssh-keygen -t rsa
Copy this certificate from Server A to Server B
just copy the RSA Key up to Server A with SCP
once the RSA Certificate has been copied up to Server B make another test connection to Server B, and you should not be presented with a username but will just be logged in.
ssh -p 22 root@remotehost
Create script to automate the connection to Server B, and place this script in the servers start up scripts
sudo mkdir /etc/tunnel sudo touch /etc/tunnel/tunnel.sh sudo chmod -R 700 /etc/tunnel
Place the following code in the file /etc/tunnel/tunnel.sh
#!/bin/bash autossh -M 20000 -i .ssh/id_rsa -R 222:localhost:22 root@ServerB
add the above script to the servers start up script
sudo nano /etc/rc.local
add the following code
Test the connection by typing
you should be connected to Server B
If you then create a seperate connect from Server/Client C to:
ssh -p 222 USER-ON-SERVER-A@ServerB
you should then be connected to the server behind the firewall
restart Server A and then try and make another connection to Server B which should be proxied back to Server A.
What it could be used for.
This type of connection can be used for remotely administering a server behind a firewall with out port forwarding.