"What is kept in the hidden depths of the heart will manifest in the real world."

SSH Reverse Tunnel

Background

Suppose you work at a company whose administrators impose more restrictions than necessary, and you want to access the company intranet on the company local network. They only provide a Windows-based VPN with proprietary encryption, but you have one good thing going for you: a Linux PC on the company local network that can make SSH connections out to the internet.

:) Now you want to work around that and access the company intranet from home using your favourite Linux desktop. Read on. It is a bit nuts, and there are still some limits; see the requirements below.

Idea

Create a reverse tunnel from your Linux PC at the office to your Linux PC at home, then create an SSH VPN over this reverse tunnel.

Requirement

This article only covers how to set up the reverse tunnel, not the SSH VPN. If you are interested in the SSH VPN, take a look at Setting SSH VPN Tunnelling.

If you are still interested, you need a Linux PC at home that is reachable from the internet.

To Do

Just take this script, understand it and go for it.

#!/bin/bash

# Prerequisites:
# - SSH keys already exchanged between both servers
# - must be executed as ${USER}

USER="dd"
PROVIDE_REMOTE_HOST="www.example.com"
PROVIDE_REMOTE_PORT="2222"
PROVIDE_LOCAL_PORT="22"

LOCK="/home/dd/reverse_ssh_tunnel.lck"

# Reset the lock; the check below rewrites it to 1 if the tunnel works.
echo "0" > "${LOCK}"

SSH="/usr/bin/ssh"
PS="/bin/ps"
KILL="/bin/kill"
GREP="/bin/grep"
AWK="/usr/bin/awk"
ID="/usr/bin/id"

CREATE_COMMAND="${SSH} -f -N -R ${PROVIDE_REMOTE_PORT}:localhost:${PROVIDE_LOCAL_PORT} ${USER}@${PROVIDE_REMOTE_HOST}"
CHECK_COMMAND="${SSH} ${USER}@${PROVIDE_REMOTE_HOST} ${SSH} ${USER}@localhost -p ${PROVIDE_REMOTE_PORT} \"echo 1 > ${LOCK}\""

/bin/date

create_reverse_tunnel() {
    ${CREATE_COMMAND}
    # Save the exit code right away; the test below would overwrite $?.
    RC=$?
    if [ ${RC} -eq 0 ]; then
        echo "Reverse tunnel to ${PROVIDE_REMOTE_HOST} created successfully."
    else
        echo "An error occurred creating the reverse tunnel to ${PROVIDE_REMOTE_HOST}, RC was ${RC}."
    fi
}

# Log in to the remote host and come back through the forwarded port.
# If that round trip works, it writes 1 into the lock file on this machine.
${CHECK_COMMAND}
IS_LOCK=`cat ${LOCK}`
if [ "${IS_LOCK}" -ne 1 ]; then
    echo "Creating a new reverse tunnel connection."

    # Kill any stale tunnel process before creating a new one.
    PID1=`${PS} -ef | ${GREP} "${CREATE_COMMAND}" | ${GREP} -v grep | ${AWK} '{print $2}'`
    if [ "$PID1" != "" ]; then
        ${KILL} -9 $PID1
    fi

    create_reverse_tunnel
else
    echo "The specified reverse tunnel already exists."
fi
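
Seen from the office network's side, the tunnel this script keeps alive is an ordinary ssh client process with a -R argument on its command line. The following is an added example, not part of the original script: it extracts remote-forward specifications from process command lines, and the function names, input layout and sample process list are all constructed for illustration.

```bash
#!/bin/bash
# Added example: report SSH remote (-R) forwards visible in process command lines.
# Assumed input: one process per line as "PID USER ARGS...", the layout printed
# by `ps -eo pid=,user=,args=`.

find_reverse_forwards() {
    awk '
    function report(spec,    k, f, listen, target) {
        # [bind_address:]port:host:hostport, or [bind_address:]port (remote SOCKS).
        k = split(spec, f, ":")
        if (k == 4)      { listen = f[1] ":" f[2]; target = f[3] ":" f[4] }
        else if (k == 3) { listen = f[1];          target = f[2] ":" f[3] }
        else if (k <= 2) { listen = spec;          target = "dynamic" }
        else             { listen = spec;          target = "unparsed" }
        printf "pid=%s user=%s listen=%s target=%s\n", $1, $2, listen, target
    }
    {
        # Field 3 is the executable; accept "ssh" with or without a path.
        n = split($3, path, "/")
        if (path[n] != "ssh") next
        for (i = 4; i <= NF; i++) {
            if ($i !~ /^-./) break        # first non-option word: destination
            for (c = 2; c <= length($i); c++) {
                opt = substr($i, c, 1)
                # Flags without an argument may be clustered, e.g. -fNR.
                if (index("46AaCfGgKkMNnqsTtVvXxYy", opt)) continue
                # Every other option takes the rest of the word or the next word.
                arg = substr($i, c + 1)
                if (arg == "") arg = $(++i)
                if (opt == "R" && arg != "") report(arg)
                break
            }
        }
    }'
}

# Constructed sample process list. The first line is the command built by the
# script above; the others are variations and non-matches.
sample_ps() {
    cat <<'EOF'
4121 dd /usr/bin/ssh -f -N -R 2222:localhost:22 dd@www.example.com
4388 alice ssh -fNR 127.0.0.1:8022:10.0.0.5:22 alice@host.example.net
4502 bob /usr/bin/ssh -R1080 bob@host.example.net
4610 carol /usr/bin/ssh -p 2222 carol@host.example.net ls -R /tmp
4733 root /usr/sbin/sshd -D
4801 erin /usr/bin/ssh -L 8080:localhost:80 erin@host.example.net
EOF
}

sample_ps | find_reverse_forwards
```

On a live host, feed the function the output of `ps -eo pid=,user=,args=`. Forwards configured through the `RemoteForward` option rather than `-R` are not covered by this check.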

Question

Have a question? Contact me! :)

"Bekatul Port" Personal Enterprise Number (PEN) registered @ IANA OID

ASN.1 Notation: {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 30347}

Dot Notation: 1.3.6.1.4.1.1.30347

IRI Notation: oid:/ISO/Identified-Organization/6/1/4/1/30347

