Localhost:5000 on now leads to localhost:22 on (via tunnel) Outbound SSH set to open reverse port forward 5000:localhost:22 This allows a user on the box to connect to any box, completely disregarding any normal challenges like no static IPs, no open firewall ports, no dynamic DNS, etc. ssh -R 5000:localhost:22 ssh -R 5001:localhost:22 ssh -R 5002:localhost:22 ssh -R 5003:localhost:22 ssh -R 5004:localhost:22 ssh -p 5000Įach machine individually reaches out to one machine, opens up reverse ports forwarding to their local SSH port. My example shows one machine, but this method can be used for several machines to connect to one machine with various reverse listen ports, all of them lead back to the 22 (SSH) port on each machine. Since the boxes are going outbound, nothing needs to be changed with their network or firewall. Since you control the DNS and/or firewall on your side, that’s not a problem. In my examples below, the machine is the remote host and is the one you own.Īll of the machines will reach out to the WAN and connect to your singular machine. The machine on your side can be at your house, if you manage the DNS and/or firewall properly, or a cloud server. There are only two things you control: the machine on your side and the remote Linux machine you manage. You want an easy way to access all these boxes but there are a few problems like not managing the firewalls, not having static IPs, or not wanting to use a VPN in general. Maybe some networks you manage and some networks are managed by the someone else. These sites can be people’s houses or small businesses – a wide range of network configurations. Imagine the following scenario: you manage several Linux machines at various sites.
Persistent ssh tunnel how to#
Understanding how to set up SSH key authentication (not covered in depth).Machines starting the connection must be using systemd.
Previously I used AutoSSH – which is a great program – but I found a far easier method where systemd can manage the tunnel.
Instead of editing the existing article, I thought I’d leave it as a reference. I have written previously on this topic and I recently discovered a simplified way of doing this.
0 kommentar(er)
