Have you ever needed to SSH into a firewalled computer where you don’t have control over the firewall? Well, by creating a tunnel from this protected machine to your machine at home, you can punch a tiny SSH-sized hole in that firewall.
This is what you’re going to need for this to work:
- You need to have an SSH server running on both machines.
- You need to be able to SSH to your home machine from the protected computer.
Simple, yes?
All you need to do is run this command on the protected machine:
ssh -l login -nNT -R 1200:xxx.xxx.xxx.xxx:22 yyy.yyy.yyy.yyy
Replace “login” with your SSH username
Replace xxx.xxx.xxx.xxx with the IP or hostname of the protected computer
Replace yyy.yyy.yyy.yyy with the IP or hostname of your home computer
Now let’s break this command down:
The -l specifies the login name for this SSH session.
The -nNT just keeps the session on this end clean by disabling the allocation of a pseudo-tty, not running any commands on connect, and disabling input.
The -R 1200:xxx.xxx.xxx.xxx:22 part is very important. This is the magic: it means that once we connect, we’re going to open a tunnel back through the SSH session on port 1200 (on the end of your home computer) that connects to port 22 (on the end of the protected computer).
Once you execute this command, you should get a password prompt. Enter your SSH password and hit return. The tunnel should now be active. Make sure to keep this window open and running, because if it closes, your tunnel closes with it. You can get around this with tools like screen, but that’s beyond the scope of this post.
Now, to test it all out, go to your home machine and type the following command to SSH over the tunnel to your protected computer:
ssh -p 1200 username@localhost
Make sure to replace “username” with the SSH user on your protected machine. Again, you should be prompted for the password for “username”, and if all goes well you should now be SSH’d into your protected machine.
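Port 1200 on the home machine is now a direct path to the protected machine's SSH server, so it is worth checking that it only listens on loopback (which is what sshd does with its default GatewayPorts no). The following is an added example, not part of the original post: the function names are hypothetical and the `ss -tln` listings are constructed samples.

```shell
#!/bin/sh
# Added example: classify how a forwarded port is bound on the home machine.
# Reads `ss -tln` output on stdin; $1 is the port to check (1200 in this post).
classify_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = match($4, /:[0-9]+$/)       # last colon splits address from port
            if (!n) next
            if (substr($4, n + 1) != port) next
            host = substr($4, 1, n - 1)
            found = 1
            # Anything other than 127.x.x.x or [::1] is reachable from other hosts.
            if (host !~ /^127\./ && host != "[::1]") exposed = 1
        }
        END {
            if (!found)       print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample: tunnel is up and bound to loopback only.
sample_loopback() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:1200      0.0.0.0:*
LISTEN 0      128            [::1]:1200         [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}

# Constructed sample: the same port bound on all interfaces.
sample_exposed() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:1200      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}

printf 'loopback sample: %s\n' "$(sample_loopback | classify_listener 1200)"
printf 'exposed sample:  %s\n' "$(sample_exposed | classify_listener 1200)"
# Live use on the home machine: ss -tln | classify_listener 1200
```

If the live check reports "exposed", anyone who can reach the home machine on port 1200 can reach the protected machine's SSH login prompt.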
There’s a ton of ways you can build on this simple trick. If there’s any interest some may be covered in future posts.
As always if you have any questions or trouble with this post please post them in the comments below.
