This guide is for Linux/Mac OS X users that have direct access to a terminal, but the same logic applies to PuTTY on Windows too.

We have an office computer ( ) behind its office firewall and your home computer ( ). You wish to set up an SSH connection from your home computer to your office computer. Since the office firewall does not allow you to connect directly from your home computer to the office, you must initiate the connection from the office computer.

This opens a listening port (2210) on your home computer. The traffic from port 2210 is thereafter redirected through to the port used by in order to initiate the connection. Since your office machine initiates an SSH session with your home machine on port 22, everything from 2210 travels back to your office computer. You can now start an SSH session on your home computer:

Your home computer may not run at all times, so you would like to use a virtual private server (VPS) which is always online as an intermediate (call it vps.domain). What we want to do is a reverse SSH connection from the office computer to the VPS server. Additionally, on the other side (at home), forward a local port to the VPS server. The VPS server then automatically reverse SSH connects the given port to the office computer.

To enable the reverse SSH on the office, the VPS server must listen on the network interface connected to the Internet, otherwise it will listen on 127.0.0.1, so we have to enable GatewayPorts in the SSH configuration. By default it is disabled, so we can enable it:

An alternative could be to just enable GatewayPorts by typing On instead of clientspecified; however, that would route any SSH tunnel to the network interface. Save the file and restart the sshd service. With clientspecified we can control which interface is reachable.

The result is that port 2210 is open on the Internet-facing network interface of vps.domain. This means that when traffic is directed to this port, it gets encapsulated by SSH and sent from vps.domain:22 to :init_port, then unpacked and sent to localhost:22 ( 's 127.0.0.1). This is only possible because your office machine initiated the connection; otherwise the firewall would have blocked it. Now, we can access the office computer from using

This scenario is suboptimal, because an attack vector exists for , since vps.domain:2210 creates a tunnel to the office machine. We can avoid this risk in the following way.

It's an SSH tunnel on steroids through which you can easily pass HTTP and HTTPS traffic. You set up a SOCKS 5 tunnel in 2 essential steps. I'll start with Windows as the process is a little more complicated than on Mac OS X or Linux. In order to use SSH, you'll need to download a special client.
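The guide's security point is which interface the reverse-forwarded port (2210) ends up listening on at the VPS. That is decided by two things: the `GatewayPorts` value in the VPS's `sshd_config` (`no`, `yes`, or `clientspecified`; OpenSSH defaults to `no`) and the optional `bind_address` the client puts in front of its `-R` spec. The script below is an added example, not code from the original guide: it reads the effective `GatewayPorts` value out of a config file and predicts where a given `-R` listener will be bound, so you can check a VPS before exposing anything. The sample config, hostnames and ports are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide: audit the two settings that decide
# on which interface a reverse-forwarded port (ssh -R) appears on the VPS.
#   1. sshd's GatewayPorts value (no | yes | clientspecified, default no)
#   2. the bind_address the client puts in front of the -R spec
# Hostnames, ports and the sample config below are constructed for illustration.
# IPv6 bracket notation in bind_address is not handled here.

# Print the effective GatewayPorts value of an sshd_config file.
# sshd uses the first occurrence of a keyword; commented lines are ignored;
# a missing keyword means the OpenSSH default, "no".
gatewayports_mode() {
    mode=$(awk 'tolower($1) == "gatewayports" { print tolower($2); exit }' "$1")
    printf '%s\n' "${mode:-no}"
}

# Given the server's GatewayPorts mode and a client -R spec
# ([bind_address:]port:host:hostport), print where the listener ends up:
#   loopback        only reachable on the VPS itself (127.0.0.1)
#   all-interfaces  reachable from the Internet
#   address:<ip>    bound to one specific address (clientspecified only)
effective_bind() {
    mode=$1
    spec=$2
    case "$mode" in
        no)  printf 'loopback\n'; return 0 ;;        # server forces loopback
        yes) printf 'all-interfaces\n'; return 0 ;;  # server forces wildcard
    esac
    # clientspecified: the client's bind_address (if any) is honoured.
    fields=$(printf '%s' "$spec" | awk -F: '{ print NF }')
    if [ "$fields" -le 3 ]; then
        # "2210:localhost:22": no bind_address given, ssh defaults to loopback
        printf 'loopback\n'; return 0
    fi
    bind=${spec%%:*}
    case "$bind" in
        ''|'*'|0.0.0.0)      printf 'all-interfaces\n' ;;   # ":2210:..." or "*:2210:..."
        127.0.0.1|localhost) printf 'loopback\n' ;;
        *)                   printf 'address:%s\n' "$bind" ;;
    esac
}

# Demo on a constructed sshd_config fragment (not a real server's file).
demo() {
    cfg=$(mktemp)
    cat > "$cfg" <<'EOF'
# constructed sample sshd_config fragment
#GatewayPorts no
GatewayPorts clientspecified
PermitRootLogin no
EOF
    mode=$(gatewayports_mode "$cfg")
    rm -f "$cfg"
    printf 'GatewayPorts mode: %s\n' "$mode"
    for spec in '2210:localhost:22' '*:2210:localhost:22' '127.0.0.1:2210:localhost:22'; do
        printf '  ssh -R %-30s -> %s\n' "$spec" "$(effective_bind "$mode" "$spec")"
    done
}

demo
```

Run it against a copy of the VPS's `/etc/ssh/sshd_config` by calling `gatewayports_mode /path/to/sshd_config`. With `clientspecified`, a plain `-R 2210:localhost:22` stays on the VPS's loopback and only a spec that names `*` or an empty `bind_address` reaches the Internet-facing interface, which is the control the guide prefers over `GatewayPorts yes`.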