(Note that if you intend to leave a connection open long term, unattended, possibly having it automatically refresh the connection when it goes down (by parsing ssh -O check ), I recommend using a separate, unique SSH key for it that you set up for just this tunnel/customer/server, especially if you are using RemoteForward.
#WINDOWS REVERSE SSH TUNNEL PASSWORD#
There will be a password challenge unless you have set up a key for a passwordless login. -T disables pseudo-tty allocation, which is appropriate because you're not trying to create an interactive shell.If all you're creating is a tunnel, then including this option saves resources.
-N says that you want an SSH connection, but you don't actually want to run any remote commands.-f tells ssh to background itself after it authenticates, so you don't have to sit around running something like sleep on the remote server for the tunnel to remain alive.your ssh client in this case, on the target host). Anything that attaches to port 22222 on the far end of the tunnel will actually reach "localhost port 22", where "localhost" is from the perspective of the exit point of the tunnel (i.e. This tells the client on your target host to establish a tunnel with a -Remote entry point. Of the two models shown above, you want the one on the right.įrom the firewalled host: ssh -f -N -T -R22222:localhost:22 To be able to SSH from the Internet into a host behind a firewall, you need the target host to open an SSH connection to a host on the outside and include a -R tunnel whose "entry" point is the "remote" side of its connection. The -R option tells the tunnel to bind on the remote side (the SSH server). The -L option tells the tunnel to bind on the local side of the tunnel (the host running your client). When you create a tunnel, you specify an address and port on which it will answer (or "bind"), and an address and port to which it will be delivered. This is kind of important, so please correct this assumption if it is false.) (You haven't said, but I'm going to assume that the "remote" machine you've mentioned, the one behind the firewall, can access the Internet using Network Address Translation (NAT). All the smaller tubes have the same endpoints, except that the role of "start" or "end" is determined by whether you used -L or -R (respectively) to create them.
The big tube, your SSH connection, started with your SSH client and ends up at the SSH server you connected to. Your ssh remote shell actually communicates with you using one of these smaller, embedded tubes attached to stdio.Įvery tube has a beginning and an end. You still have the big SSH connection, but the -L or -R option lets you set up a smaller tube inside it. Think of your tunnel as another tube within a tube. The shell runs in a virtual terminal (tty) through that tube. Normally, you'll reach through these tubes to run a shell on a remote computer. I love explaining this kind of thing through visualization.
0 kommentar(er)
