# secure-reverse-ssh-tunnel

This project provides ready-to-use tools to configure a remote host via an SSH tunnel and a jump host.

## Example

Consider this situation:

- a) Your personal computer (behind NAT)
- b) A remote machine, like an internal server (behind NAT)

To connect to your "b" machine directly, you would have to configure the remote router to expose something, and this should be avoided when unnecessary.

So, using "c" (a jump server), we can create a tunnel from "b" to "c", then connect "a" to "c" and jump to "b" securely, using SSH and our private keys.

---

## Support us

Whether you use this project, have learned something from it, or just like it, please consider supporting it by donating, so we can dedicate more time to open-source projects like this :)

<a href="https://it.liberapay.com/Unitoo/donate"><img alt="Donate using Liberapay" src="https://liberapay.com/assets/widgets/donate.svg"></a>

---

## Components

- setup-remote-host.sh: this script must be run as root, after completing the Setup steps
- authorized_keys: should contain the public keys you want to use for the remote host
- config: example host configuration for the "a" computer
- secure-tunnel@.service: example systemd service, ready to use
- targets/*: contains the targets to be used as jump servers

___

## Setup

Before running the script as root, you should:

1) append your SSH public keys to authorized_keys
2) adjust the targets using the provided example, then remove the example
3) adjust your ~/.ssh/config following the provided one
4) now you are able to run the script.

___

## Usage

### SystemD

```bash
## To enable at boot
systemctl enable secure-tunnel@<target>

## To disable at boot
systemctl disable secure-tunnel@<target>

## To start manually
systemctl start secure-tunnel@<target>

## To stop manually
systemctl stop secure-tunnel@<target>
```

___

## Tips

To check whether the tunnel is active and the dedicated port is up, SSH into your jump host and run:

```bash
netstat -tupln | grep 20001
```

You should see your port associated with the autossh process :)
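
A stricter version of this check, as an added example that is not part of the project: it matches the port exactly and also reports whether the forwarded port is bound to loopback only or to other interfaces, where the tunnel to the remote machine would be reachable by anyone who can reach the jump host on that port. The function name and the sample `netstat` output are constructed for illustration; 20001 is the port used above.

```bash
#!/bin/sh
# Added example: classify how a forwarded port is bound on the jump host.
# Reads `netstat -tupln` output on stdin; prints: down | loopback | exposed
classify_tunnel_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next          # exact port, unlike a plain grep
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "::1") {
                if (state == "") state = "loopback"
            } else {
                state = "exposed"               # 0.0.0.0, ::, or a routable address
            }
        }
        END { print (state == "" ? "down" : state) }
    '
}

# Constructed samples (not captured from a real host). Run without root,
# netstat prints "-" in the PID/Program name column.
SAMPLE_LOOPBACK='Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  -
tcp        0      0 127.0.0.1:20001  0.0.0.0:*        LISTEN  -
tcp6       0      0 ::1:20001        :::*             LISTEN  -'

SAMPLE_EXPOSED='tcp        0      0 0.0.0.0:20001    0.0.0.0:*        LISTEN  -
tcp6       0      0 :::20001         :::*             LISTEN  -'

# On a real jump host: netstat -tupln | classify_tunnel_port 20001
printf '%s\n' "$SAMPLE_LOOPBACK" | classify_tunnel_port 20001   # loopback
printf '%s\n' "$SAMPLE_EXPOSED"  | classify_tunnel_port 20001   # exposed
```

If the result is `exposed`, check the `GatewayPorts` setting in the jump host's `sshd_config`; with its default value (`no`), sshd binds remote forwards to loopback only.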

___

## License

> You can check out the full license [here](https://gitlab.com/unitoo/secure-reverse-ssh-tunnel/-/blob/master/LICENSE)

This project is licensed under the terms of the **GPLv3** license.