reverse ssh middleman

ccaaee · 05-31-2013, 02:16 AM

Hi

I am trying to set up a ssh tunnel but the server is behind a firewall which I can't modify. It would seem that the obvious solution is reverse ssh tunneling and the internet is abound with tutorials. The problem is that if you're traveling around the client may also be behind a firewall.

The solution to this is the "middleman". The server connects to the middleman, opens a forwarded port then the client connects to the middleman and has access to the server via the previously opened forwarded port.

Unfortunately, the middleman I have access to does not allow port forwarding which is a necessary prerequisite.

Does anyone know of:
a) a hack
b) a free hosting service which would allow ssh with port forwarding
???

Thanks

CC

pan64 · 05-31-2013, 02:59 AM

probably your home pc or router can do the job...

ccaaee · 05-31-2013, 04:26 PM

If I happen to be in a hotel room on the other side of the world when I want to connect to the server, neither my "home pc or router" are of much use to me. This is the situation where the reverse ssh with middleman technique would seem to be the only solution.

Thanks anyway

CC

lleb · 06-02-2013, 12:54 AM

i think pan64 was saying use your home PC as the middle man server. setup either a static IP, or some form of dynamicDNS via your router and make the connection from your work to the home PC and be done with it.

if things get real nasty for you, then you could always buy a small web server that runs linux and that you have 100% control over. then you can set it up how you like for the reverse ssh connection. heck for something like that you could probably get it for as little as 10-20$ month.

or better yet, have your company provide you with a road warrior VPN connection.

allend · 06-03-2013, 08:55 PM

The solution is to use a dynamic DNS address as the 'middleman'. The server behind the firewall is set to call out to the dynamic DNS address. (I use a cron job on the server to run a script based on that here http://www.brandonhutchinson.com/ssh_tunnelling.htmlto do this.) The client updates the dynamic DNS address when you connect to the internet from the location from where you want to use the tunnel.
Possible problems are:
- traffic on the standard SSH port may not be allowed. Consider (ab)using the HTTPS port instead.
- if the internet connection is broken during a tunnelled session, you need to stop and restart the sshd daemon on the client, then wait for the server to connect again.