2.2 KiB
secure-reverse-ssh-tunnel
This project provides ready-to-use tools to configure a remote host via an ssh tunnel and a jump host.
Example
Consider this situation:
- a) Your personal computer (behind NAT)
- b) A remote machine, like an internal server (behind NAT)
To connect to your "b" machine you should configure the remote router to expose something and this should be avoided when unnecessary. So using "c" (jump server) we can create a tunnel from "b" to "c" and connect "a" to "c" and jump to "b" securely, using SSH and our private keys.
Support us
Whether you use this project, have learned something from it, or just like it, please consider supporting it by donate, so we can dedicate more time on open-source projects like this :)
Components
- setup-remote-host.sh: This script must be run as root after setup step
- authorized_keys: should contains the signatures you want to use for remotehost
- config: example host configuration for "a" computer
- secure-tunnel@.service: SystemD example but ready to use service
- targets/* : contains multiple targets that need to be used as jump servers
Setup
Before run the script as root user, you should:
- append signature of your ssh keys into authorized_keys
- adjust various targets using the example provided and remove the example
- adjust your ~/.ssh/config like the provided one
- now you are able to run the script as root on the remote machine "b".
Usage
SystemD
## To enable at boot
systemctl enable secure-tunnel@<target>
## To disable at boot
systemctl disable secure-tunnel@<target>
## To start manually
systemctl start secure-tunnel@<target>
## To stop manually
systemctl stop secure-tunnel@<target>
Tips
To check if the tunnel is active and the dedicated port is up, ssh into your jump host and run:
netstat -tupln | grep 20001
You should see your port associated to autossh process :)
License
You can check out the full license here
This project is licensed under the terms of the GPLv3 license.