How to bypass firewall and NAT with reverse SSH Tunnel

Question

I\'m trying to generate an SSH server in a machine behind a router.

First I tried to bind the SSH to my public IP address:

ssh -R 10002:localhost:22          


        

Answer 1

I recently stumbled upon the same problem, but without having root privileges on the SSH server.

As mentioned GatewayPorts yes is needed so also clients from network are able to connect to remote forwarding port on the SSH server. By default it is set to no. Thus if you don't have root privileges you cannot change SSHD settings to set GatewayPorts option to true. But in that case you can use the following workaround:

ssh -R 4041:localhost:22 myserver.com 'socat TCP-LISTEN:4040,fork TCP:127.0.0.1:4041'

socat is a great network utility which binds a TCP port 4040 on interface 0.0.0.0 so it is visible from network and redirects all traffic to the 127.0.0.1:4041 where SSHD is listening and redirecting it to your client's port 22.

Thus if somebody wants to connect your local SSH on port 22 as you described (on the client) he does:

ssh -p 4040 myserver.com 

and it works like this:

SSH client --> myserver.com:4040 (socat) --> 127.0.0.1:4041 (myserver.com, SSHD) --> SSH client port 22

socat can be either built from sources or already installed on the system. It is present in the RPMForge repositories for RHEL/CentOS (however if you don't have root privileges you cannot install it).