SSH Reverse tunneling

SSH Reverse tunneling

A : 192.168.41.160

B : 192.168.41.157

160의 방화벽에서 들어오는 22 포트를 막아버렸을 때, A에서 reverse ssh tunnel을 구축해놓으면 B에서 언제든지 열어놓은 ssh tunnel에 접근할 수 있다. ssh 명령어의 -R 옵션을 통해 사용할 수 있다.

A

ch4rli3kop at ubuntu in ~
$ ssh -R 12345:localhost:22 ch4rli3kop@192.168.41.157
ch4rli3kop@192.168.41.157's password: 
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.15.0-45-generic x86_64)
​
 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
​
84 packages can be updated.
6 updates are security updates.
​
*** System restart required ***
Last login: Fri Jun 19 11:30:35 2020 from 192.168.41.160
ch4rli3kop@ubuntu:~$ 
​

B

ch4rli3kop@ubuntu:~/Desktop$ ssh localhost -p12345
The authenticity of host '[localhost]:12345 ([127.0.0.1]:12345)' can't be established.
ECDSA key fingerprint is SHA256:dJA+T/YvaPvRDg6bAUrhVNS06oofqXCZmBLdBSizqa8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:12345' (ECDSA) to the list of known hosts.
ch4rli3kop@localhost's password: 
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-101-generic x86_64)
​
 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
​
 * MicroK8s gets a native Windows installer and command-line integration.
​
     https://ubuntu.com/blog/microk8s-installers-windows-and-macos
​
 * Canonical Livepatch is available for installation.
   - Reduce system reboots and improve kernel security. Activate at:
     https://ubuntu.com/livepatch
​
112 packages can be updated.
0 updates are security updates.
​
*** System restart required ***
Last login: Fri Jun 19 11:27:49 2020 from 192.168.41.1
​
ch4rli3kop at ubuntu in ~
$