Tuesday, March 26, 2013

How to Use Reverse Port Forwarding to Run Commands on Your Natted Server

Introduction

Have you ever wanted to run (remote) commands, from another server (perhaps your server at work), on a computer that sits behind a NAT firewall, i.e., your computer at home that has a private IP (in the 10.x.x.x or 192.168.x.x range)?

One obstacle to connecting to your home computer is that its IP address is not directly accessible from the public internet.  Your internet provider, e.g., ATT or Comcast, may have a cable modem that has a public IP address (which you can see at http://www.whatismyip.com/), but that public (aka WAN) IP address does not get you all the way to your computer.

One solution is to use ssh's reverse port forwarding feature: from your home computer, open a terminal session to your work server, which has a static IP address.  This opens an SSH tunnel through which you can later push commands from your work server to your home computer.


Assumptions


Your work server name is workserver.  Note:  You can put this convenience name in your /etc/hosts file so that you don't have to enter the IP address over and over again.

The (reverse) port number used for pushing commands from your work server to your home computer is 20022.

The port number that you have configured to accept SSH requests on your work server is 30022.


Commands

Run the following command to open the magical reverse tunnel:

[username@homecomputer ~]$ ssh -R 20022:localhost:22 workserver -p 30022



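With the tunnel open, run a command on your home computer from the work server.  The command is single-quoted so that hostname is evaluated on the home computer rather than on workserver:

[username@workserver ~]$ ssh localhost -p 20022 'echo "I am running on $(hostname)"'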

This will print:  I am running on homecomputer
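
The tunnel above listens on port 20022 on workserver, and workserver's sshd_config (GatewayPorts, AllowTcpForwarding, PermitListen) decides whether that port is reachable only from workserver itself or from its whole network.  The following script is an added example, not part of the original post; the function name and the sample configuration are constructed for illustration, and it classifies the exposure from sshd_config text on stdin.

```shell
#!/bin/sh
# Added example (not from the original post). Reads sshd_config text on stdin
# and reports where "ssh -R PORT:localhost:22" would listen on workserver:
#   loopback | all-interfaces | client-choice | denied
# Assumptions: whitespace-separated "Keyword value" lines, global section only
# (stops at the first Match block), Include files not followed, and the host
# part of PermitListen entries is ignored (port-only match).
reverse_forward_exposure() {
    awk -v port="$1" '
        BEGIN { gw = "no"; fwd = "yes"; listen = "any" }  # OpenSSH defaults
        /^[ \t]*#/ || NF == 0 { next }
        { key = tolower($1) }
        key == "match" { exit }                          # END still runs
        # sshd keeps the first value it reads for each keyword.
        key == "gatewayports"       && !seen_gw++  { gw  = tolower($2) }
        key == "allowtcpforwarding" && !seen_fwd++ { fwd = tolower($2) }
        key == "permitlisten"       && !seen_pl++  {
            listen = ""
            for (i = 2; i <= NF; i++) listen = listen " " tolower($i)
        }
        END {
            # Remote (-R) forwarding needs yes, all or remote.
            if (fwd != "yes" && fwd != "all" && fwd != "remote") { print "denied"; exit }
            n = split(listen, entry, " "); ok = (entry[1] == "any")
            for (i = 1; i <= n && !ok; i++) {
                p = entry[i]; sub(/^.*:/, "", p)         # drop optional host:
                if (p == port || p == "*") ok = 1
            }
            if (!ok) { print "denied"; exit }
            if (gw == "yes")                  print "all-interfaces"
            else if (gw == "clientspecified") print "client-choice"
            else                              print "loopback"
        }
    '
}

# Constructed sample: a workserver config that pins the tunnel to port 20022.
SAMPLE_HARDENED='Port 30022
AllowTcpForwarding remote
GatewayPorts no
PermitListen 20022'

printf '%s\n' "$SAMPLE_HARDENED" | reverse_forward_exposure 20022   # loopback
```

On workserver, run it against the real file: reverse_forward_exposure 20022 < /etc/ssh/sshd_config.  A result of all-interfaces means any host that can reach workserver on port 20022 is connected straight to the home computer's SSH daemon.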



Debugging SSH


When working with SSH, it is often helpful to run the SSH client and the SSH server daemon in debug mode.


Debugging SSH Client

Add the -v parameter to turn on verbose output:

ssh -v localhost -p 20022


Debugging SSH Daemon

Run the SSH Server in debug mode:


[root@homecomputer ~]# /usr/sbin/sshd -d

Back to Normal

Run the SSHD normally:

[root@homecomputer ~]# /etc/init.d/sshd reload



