Have you ever needed to SSH into a firewalled computer where you don’t have control over the firewall? Well by creating a tunnel from your this protected machine to your machine at home you can punch a tiny SSH sized hole in that firewall.
This is what you’re going to need for this to work
- You need to have a SSH server running on both machines.
- You need to be able to SSH to that machine from the protected computer
All you need to do is run this command on the protected machine
ssh -l login -nNT -R 1200:xxx.xxx.xxx.xxx:22 yyy.yyy.yyy.yyy
Replace “login” with your SSH username
Replace xxx.xxx.xxx.xxx with the IP or hostname of the protected computer
Replace yyy.yyy.yyy.yyy with the IP or hostname of your home computer
Now lets break this command down
the -l is to specify the login name for this SSH session.
the -nNT This just keeps the session on this end clean by disabling the allocation of a pseudo-tty not running any commands on connect and disabling input.
the 1200:xxx.xxx.xxx.xxx:22 is very important. This is the magic this means that once we connect we’re going to open a tunnel back through the SSH session on port 1200 (on the end of your home computer) that connects to port 22 (On the end of the protected computer).
Now once you execute this command. You should get a password prompt. Enter your SSH password and hit return. The tunnel should now be active. Make sure to keep this window open and running as if it closes your tunnel closes with it. You can get around this with tools like screen but that’s beyond the scope of this post.
Now to test it all out go to your home machine and type the following command to SSH over the tunnel to your protected computer
ssh -p 1200 username@localhost
make sure to replace “username” with the SSH user on your protected machine. Again you should be prompted for your password for “username” and if all goes well you should now be SSH’d into your protected machine.
There’s a ton of ways you can build on this simple trick. If there’s any interest some may be covered in future posts.
As always if you have any questions or trouble with this post please post them in the comments below.