SSH Tunnel Reverse Port forwarding

VPN Tunnel with SSH Port Forwarding

Linux has had SSH built in from the start, Apple has integrated Secure Shell into macOS, and Microsoft has also included OpenSSH on Windows 10 from version 1803 and on Server 2019 as an optional feature. SSH tunnels and SSH port forwarding have also long been available in well-known tools such as PuTTY and KiTTY. So why use SSH only as a terminal (TTY) and not also as a VPN tunnel? There are useful applications, for example when a VPN tunnel is not possible at the firewall, when additional software cannot be installed in corporate networks, or when the right tools are missing. An SSH reverse tunnel is always useful when you cannot access a remote computer that is behind a firewall.

  Windows 10 OpenSSH client can be found in the settings, under Apps & Features – Optional Features – OpenSSH Client.

This article describes the usage of SSH as a VPN tunnel with port forwarding, using OpenSSH on Linux, macOS and Windows.

SSH Tunnel to Remote Host B

Here, as an example, a tunnel is built from host A to host B. Host B is a web server from which the intranet page http://192.168.111.10 is to be opened on host A. The only requirements are a NAT mapping on the firewall (NAT router) via port 22 to host B, and that SSH is present on each host.

Illustration: ssh tunnel host A to host B

Run the command in the Linux terminal on Host A as follows:

On host A the web page can now be opened at http://localhost. The SSH tunnel forwards TCP port 80 on host B, from 192.168.111.10, to localhost 127.0.0.1 on host A; the external SSH port is 45680.

We log on to host B as user cherry.
The meaning of the parameters:
-L = local port (forward a local port to a host:port reachable from host B)
-N = do not run a remote command
-p = external SSH port (NAT port at the firewall)
-T = do not open a terminal

On host B the SSH daemon must be configured and running; in the configuration file /etc/ssh/sshd_config the following settings are required (for many Linux distributions this is the default).

  Lines that are commented out show the default values, e.g. #AllowTcpForwarding yes means that AllowTcpForwarding is yes by default.
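The remark above, that a commented-out line only documents a default, is easy to get wrong when checking a server by eye. The following added example (not code from the original article) reads the effective value of a keyword from an sshd_config-style file the way sshd does: commented lines are ignored, the first active occurrence wins, and the documented default applies when there is none. The file path and the sample contents in the comments are constructed for the example; on a real host B, `sudo sshd -T | grep -i allowtcpforwarding` prints the effective value including any Match blocks, which this small parser does not handle.

```shell
#!/bin/sh
# Added example, not from the original article: report the effective value of an
# sshd_config keyword. "#AllowTcpForwarding yes" is a comment that documents the
# default; only an uncommented "AllowTcpForwarding no" actually changes it.

# sshd_effective FILE KEYWORD DEFAULT
# Prints the value of the first active KEYWORD line in FILE (sshd uses the first
# occurrence of a keyword and ignores later ones); if no active line exists, the
# DEFAULT is printed. Keywords are case-insensitive, "Keyword value" and
# "Keyword=value" are both accepted.
sshd_effective() {
    file=$1; key=$2; default=$3
    value=$(awk -v k="$key" '
        { sub(/^[[:space:]]+/, "") }               # drop leading indentation
        /^#/ || /^$/ { next }                      # commented out or blank: no effect
        {
            split($0, f, /[[:space:]=]+/)
            if (tolower(f[1]) == tolower(k)) { print f[2]; exit }   # first match wins
        }' "$file")
    if [ -n "$value" ]; then
        printf '%s\n' "$value"
    else
        printf '%s\n' "$default"
    fi
}

# tunnel_allowed FILE: succeeds when the server accepts -L forwards.
# AllowTcpForwarding defaults to yes; "all" is a synonym, "local" still permits -L,
# while "no" and "remote" refuse the local forward used in this article.
tunnel_allowed() {
    v=$(sshd_effective "$1" AllowTcpForwarding yes)
    case "$v" in
        yes|all|local) return 0 ;;
        *) return 1 ;;
    esac
}

# Example run against the real file (needs read access to /etc/ssh/sshd_config):
#   tunnel_allowed /etc/ssh/sshd_config && echo "forwarding allowed"
```

The default value is passed in by the caller on purpose: the parser knows nothing about OpenSSH defaults, so it cannot silently apply the wrong one when a distribution ships a different compiled-in value.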

SSH servers are included in Synology NAS, FreeNAS, FreePBX Distro, OpenWrt, Raspberry Pi (Raspbian) and now also Windows Server, to name a few.

SSH Tunnel to Remote Host C

In this example, an SSH tunnel is built from host A to host C. Host C is an RDS terminal server, and host B serves as the port forwarder.

Illustration: ssh tunnel host A to host C

Run the command in the Linux terminal on Host A as follows:

The Remote Desktop session to host C is established via localhost on host A: press Win + R to open Run, enter mstsc /v:localhost and confirm with OK.

This example uses TCP port 3389 for RDP as both the internal and the external port. Any unprivileged port (-L) higher than 1024 can be used; if a port other than 3389 is used, that port must be passed to the RDP client, e.g. mstsc /v:localhost:44389
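To show the two tunnels from the sections "SSH Tunnel to Remote Host B" and "SSH Tunnel to Remote Host C" as concrete command lines, here is an added example (not code from the original article). It assembles the ssh invocation from the parameters explained above (-L, -N, -p, -T) and adds ExitOnForwardFailure, so ssh quits instead of running quietly without the forward. The host names hostb.example.invalid and hostc.example.invalid are placeholders; the article does not state them, and the NAT port 45680 is only given for the host B example, so its reuse for host C is an assumption. The `nc` used to wait for the tunnel is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original article. Placeholders:
#   hostb.example.invalid  public address / NAT name of host B
#   hostc.example.invalid  host C as seen from host B (RDS terminal server)

# ssh_local_forward USER SSH_HOST SSH_PORT LOCAL_PORT TARGET_HOST TARGET_PORT
# Prints the ssh command line for a local port forward:
#   -N  do not run a remote command
#   -T  do not open a terminal
#   -p  external SSH port (the NAT port on the firewall)
#   -L  LOCAL_PORT:TARGET_HOST:TARGET_PORT, target as seen from the SSH server
ssh_local_forward() {
    user=$1; ssh_host=$2; ssh_port=$3; local_port=$4; target_host=$5; target_port=$6
    printf 'ssh -N -T -o ExitOnForwardFailure=yes -p %s -L %s:%s:%s %s@%s\n' \
        "$ssh_port" "$local_port" "$target_host" "$target_port" "$user" "$ssh_host"
}

# local_port_needs_root PORT: succeeds when binding PORT on host A requires root,
# i.e. the port is below 1024 (the article's "unprivileged ports higher than 1024").
local_port_needs_root() {
    [ "$1" -lt 1024 ]
}

# Tunnel 1 (web): host A -> host B, local port 80 -> 192.168.111.10:80, so that
# http://localhost on host A opens the intranet page. Port 80 on host A needs root;
# with an unprivileged local port such as 8080 the page is http://localhost:8080.
tunnel_to_host_b() {
    ssh_local_forward cherry hostb.example.invalid 45680 80 192.168.111.10 80
}

# Tunnel 2 (RDP): host A -> host C via host B, local 3389 -> host C:3389,
# then mstsc /v:localhost (or /v:localhost:44389 if the local port is changed).
tunnel_to_host_c() {
    ssh_local_forward cherry hostb.example.invalid 45680 3389 hostc.example.invalid 3389
}

# start_tunnel_and_wait CMD PORT: run the tunnel in the background and wait up to
# 10 s until the local port accepts connections (assumes "nc" is installed);
# an ssh that is stuck at a prompt or a refused forward is otherwise easy to miss.
start_tunnel_and_wait() {
    cmd=$1; port=$2
    $cmd &                      # word-split on purpose: the command has no quoted args
    tunnel_pid=$!
    i=0
    while [ "$i" -lt 10 ]; do
        if nc -z 127.0.0.1 "$port" 2>/dev/null; then
            echo "tunnel up on 127.0.0.1:$port (ssh pid $tunnel_pid)"
            return 0
        fi
        sleep 1; i=$((i + 1))
    done
    kill "$tunnel_pid" 2>/dev/null
    echo "tunnel did not come up on 127.0.0.1:$port" >&2
    return 1
}

# Usage on host A:  sh tunnel.sh --show      prints both command lines
#                   start_tunnel_and_wait "$(tunnel_to_host_c)" 3389
if [ "${1:-}" = "--show" ]; then
    tunnel_to_host_b
    tunnel_to_host_c
fi
```

Both forwards bind to 127.0.0.1 on host A only, which is what keeps the intranet page and the terminal server reachable solely from that machine; nothing else on host A's network can use the tunnel.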

For host B, IP forwarding must be enabled in the kernel; the command for this in the shell as root is:

Alternatively, echo in the Shell Console does the same thing:

Check the current IPv4 forward status as follows:

A value of 1 confirms activation, 0 means it is deactivated. The change is not persistent across reboots; so that IP forwarding is active again after the next start, edit /etc/sysctl.conf with nano or with sudo vi /etc/sysctl.conf
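As an added example (not code from the original article), the following functions cover the three steps just described: reading the current IPv4 forward status, and writing the setting into a sysctl.conf-style file so that it survives a reboot, without leaving a second, conflicting ip_forward line behind. The file paths are parameters so the functions can be tried on a copy first; the sample file contents in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the original article: check and persist net.ipv4.ip_forward.

# ip_forward_status [PROCFILE]: prints 1 (forwarding on) or 0 (off), the same value
# that "sysctl net.ipv4.ip_forward" shows, read from /proc directly.
ip_forward_status() {
    cat "${1:-/proc/sys/net/ipv4/ip_forward}"
}

# sysctl_persist KEY VALUE [CONFFILE]: write "KEY = VALUE" into CONFFILE (default
# /etc/sysctl.conf). Any existing active or commented-out line for KEY is removed
# first, so repeated runs do not accumulate conflicting entries. Run as root for the
# real file; afterwards "sysctl -p" (or a reboot) applies it.
sysctl_persist() {
    key=$1; value=$2; conf=${3:-/etc/sysctl.conf}
    tmp=$(mktemp)
    # escape the dots in the key so they are literal in the grep pattern
    pattern="^[[:space:]]*#?[[:space:]]*$(printf '%s' "$key" | sed 's/\./\\./g')[[:space:]]*="
    if [ -f "$conf" ]; then
        grep -v -E "$pattern" "$conf" > "$tmp" || true   # grep exits 1 on no output
    fi
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# sysctl_conf_value KEY CONFFILE: prints the value CONFFILE would apply for KEY
# (last active line wins, as with "sysctl -p"); prints nothing if KEY is not set.
sysctl_conf_value() {
    awk -v k="$1" '
        { sub(/^[[:space:]]+/, "") }
        /^#/ || /^;/ || /^$/ { next }               # comments and blank lines
        {
            split($0, f, /[[:space:]]*=[[:space:]]*/)
            sub(/[[:space:]]+$/, "", f[2])
            if (f[1] == k) v = f[2]
        }
        END { if (v != "") print v }' "$2"
}

# Example on host B as root:
#   ip_forward_status                      -> 0 or 1
#   sysctl_persist net.ipv4.ip_forward 1   -> edits /etc/sysctl.conf
#   sysctl -p                              -> applies it without a reboot
```

Keeping the persistent file tidy matters for the reverse situation as well: when host B later stops being a forwarder, a single `sysctl_persist net.ipv4.ip_forward 0` turns it back off instead of leaving an earlier `= 1` line further down that would win.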

It is recommended to use an SSH key for authentication; a key pair can be created as follows:

The public key ~/.ssh/key_rsa.pub is stored in the user's home path, here in this example on host B, in the file .ssh/authorized_keys.

Authentication with SSH keys is not only more secure, it has other advantages: the user is not asked for a password, and the SSH tunnel and other commands can be executed from a script.
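The key pair itself comes from ssh-keygen as the article says; what usually goes wrong afterwards is the installation step on host B. The following added example (not code from the original article) places a public key into the user's authorized_keys with the permissions sshd requires (with StrictModes, a group- or world-writable .ssh directory or authorized_keys file makes sshd refuse the key) and without adding the same key twice. The home directory is a parameter so it can be tested on a temporary directory; the key lines in the comments are constructed placeholders, not real keys. OpenSSH's own ssh-copy-id does the same job over an existing password login.

```shell
#!/bin/sh
# Added example, not from the original article: install a public key on host B.

# install_authorized_key HOME_DIR PUBKEY_FILE
# Appends the key from PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys unless a key with
# the same type and key material is already there; fixes directory and file modes.
install_authorized_key() {
    home=$1; pub=$2
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"          # sshd (StrictModes) rejects a more open directory
    touch "$auth"
    chmod 600 "$auth"
    # identity is key type + base64 blob (fields 1 and 2); the comment may differ
    keyid=$(awk '{ print $1, $2 }' "$pub")
    if awk -v id="$keyid" '{ if (($1 " " $2) == id) found = 1 } END { exit !found }' "$auth"; then
        return 0                  # already present, nothing to do
    fi
    cat "$pub" >> "$auth"
}

# count_authorized_keys HOME_DIR: number of key lines (blank and comment lines ignored)
count_authorized_keys() {
    grep -c -v -E '^[[:space:]]*(#|$)' "$1/.ssh/authorized_keys" || true
}

# perms_ok HOME_DIR: succeeds when .ssh is mode 700 and authorized_keys is mode 600,
# checked via the portable ls -l mode string rather than stat flags.
perms_ok() {
    [ "$(ls -ld "$1/.ssh" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# Example on host B for user cherry (public key copied over beforehand):
#   install_authorized_key /home/cherry /tmp/key_rsa.pub && perms_ok /home/cherry
```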

SSH Tunnel on macOS

For Apple macOS, SSH is only available after activation, which is done in the terminal as follows:

After that, the SSH tunnel can be set up under macOS.

In Remote Desktop for Mac, localhost is now entered as the gateway and the RDP session is set up; in this way terminal servers are protected and can only be reached via SSH.

macOS also offers automation via launchd and the launch system services; the following script is created at /Library/LaunchDaemons/server.hostc.client.cherry.home.plist with the following content:

OpenSSH Server Installation from PowerShell

For Windows Server 2019, the OpenSSH server can also be deployed from PowerShell.
