NorbertPozsonyi-9574 asked:

Create Reverse SSH Tunnel for connection over NAT

Hello, how can I create a working reverse SSH tunnel, like this command should do:

 ssh -fN -R 12345:localhost:22 intermediary_user@192.168.2.45


This creates the process on the intermediary computer.

This is still in a test state, which is the reason I use a private IP for the home user. I would like to test before I try it on a public server.

So the working part is: I can locate the successfully LISTENING port on the intermediary computer, owned by sshd.exe, with local port 1234 and remote port 22.
It looks good.

But even though I added a rule to enable TCP port 12345 on the firewall in the inbound direction, a port scan from a third computer on the network shows the port refuses connections.

So here I got stuck. From the third computer, when the SSH connection attempts to connect to the destination computer through the intermediary computer, it says: Connection refused.

As far as I know it should work, but it does not. Naturally, public key authentication works seamlessly, and with a normal SSH session the login works completely.
Although I may have located an error when I run that command: the command does not complete, it just runs. ' _ ' keeps blinking infinitely until I close the cmd window.




Hello @NorbertPozsonyi-9574,

Apologies for the delay in response. Thank you for reaching out & hope you are doing well.

Just wanted to confirm if this setup is in Azure? And when you say NAT, where is this located?
I found this blog which might give you some reference on reverse SSH setup.

In the meantime, I will check with the Azure VM team to see if they have any further insights to provide here.

Thanks,
Gita



Hello @NorbertPozsonyi-9574,

I'm following up on this post to check for any updates from your end.

Thanks,
Gita


1 Answer

NorbertPozsonyi-9574 answered:

The NAT is located on the computer that I want to manage. So the NAT rules only say: block and drop all inbound packets, but outbound still goes out. Therefore the remote computer, through the relay server (public IP and an allowed incoming rule to manage the SSH tunnel), is able to connect to the remote host.

So it is a Windows computer, so please do not send me Linux commands. And it is a home computer, but the relay server is an EC2 Amazon Linux server. The only problem with this is that the plan allows limited network resources and, more importantly, the bandwidth limit is so small. Only command-based management without a GUI is worthwhile.

And the above command can be modified to do that:

ssh -fN -R 100.100.100.1:12345:localhost:22 intermediary_user@18.45.23.XX -p 4567

So if we interpret this, it says: forward from 100.100.100.1:12345 to localhost:22 (that is the relay server's internal or NAT network address), using the authentication data of the relay server on SSH port 4567 (the connection is started from the HOST, not from the client from which we want to connect back to the tunnel's other endpoint).

And when we initiate the SSH connection from the remote client, we will call 18.45.23.XX, where the gateway will forward to the internal 100.100.100.1, which returns back to the host's original end of the SSH tunnel.
If we want to wrap some protocol inside the SSH tunnel, we also need a loopback adapter on the HOST. Tested with SMB. The connection is encrypted all the way along the route. The protection depends only on the private key complexity, so on the key management. Even if the network is attacked, the encrypted data stays encrypted if you have not cached that sensitive information or leaked something with which the attacker is able to decrypt anything.

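The tunnel described in the question and in the answer above, as an added example that is not part of the original thread. It is meant to be run on the relay (the Amazon Linux EC2 host), because that is where the "Connection refused" seen from the third computer is decided: OpenSSH's sshd binds the listening end of a `-R` forward to the relay's loopback address unless its sshd_config sets `GatewayPorts yes` (bind to all interfaces) or `GatewayPorts clientspecified` (honour the bind address given in `-R`). The script reads an sshd_config, reports the effective `GatewayPorts` value and prints the matching client command for the Windows host; note that ssh's port option is lowercase `-p` (`-P` is the scp/sftp flag). The hostname `relay.example.com`, the user name and the two sample config files are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example, not code from the original thread. Run on the relay
# (the Amazon Linux EC2 host). It reads the relay's sshd_config, reports the
# effective GatewayPorts value and builds the matching client command for the
# Windows host. Hostnames and the sample configs below are constructed.

# sshd uses the first occurrence of a keyword; a missing keyword means "no".
# Top-level keywords only: Match blocks and Include files are not followed,
# so confirm with 'sshd -T' on the relay when in doubt.
effective_gatewayports() {
  local value
  value=$(awk 'tolower($1) == "gatewayports" { print tolower($2); exit }' "$1")
  printf '%s\n' "${value:-no}"
}

# Usage: reverse_tunnel_cmd GATEWAYPORTS USER RELAY_HOST RELAY_SSH_PORT LISTEN_PORT TARGET_PORT
# Prints the command the managed (Windows) host runs. The "localhost:TARGET_PORT"
# part of -R is resolved on that host, i.e. it points at its own sshd.
# Returns 1 when the relay config would bind the forward to loopback only,
# which is what a third host sees as "Connection refused".
reverse_tunnel_cmd() {
  local gp=$1 user=$2 host=$3 sshport=$4 lport=$5 tport=$6 spec
  case "$gp" in
    yes)             spec="${lport}:localhost:${tport}" ;;          # sshd binds the wildcard itself
    clientspecified) spec="0.0.0.0:${lport}:localhost:${tport}" ;;  # client must ask for all interfaces
    *)
      echo "GatewayPorts is '$gp': forward binds to 127.0.0.1 on the relay; set it to yes or clientspecified" >&2
      return 1 ;;
  esac
  # -p (lowercase) is ssh's port flag; -P belongs to scp/sftp.
  # ExitOnForwardFailure makes "ssh -fN" exit instead of silently running if the
  # remote port cannot be bound (for example because it is already in use).
  printf 'ssh -fN -o ExitOnForwardFailure=yes -R %s -p %s %s@%s\n' "$spec" "$sshport" "$user" "$host"
}

# Constructed sample configs: the stock file (no GatewayPorts line) and a
# corrected one. A commented-out line must be ignored.
SAMPLE_DEFAULT=$(mktemp)
printf 'Port 4567\nPermitRootLogin no\nPasswordAuthentication no\n' > "$SAMPLE_DEFAULT"
SAMPLE_FIXED=$(mktemp)
printf 'Port 4567\n#GatewayPorts no\nGatewayPorts clientspecified\nPasswordAuthentication no\n' > "$SAMPLE_FIXED"

for cfg in "$SAMPLE_DEFAULT" "$SAMPLE_FIXED"; do
  gp=$(effective_gatewayports "$cfg")
  echo "config $cfg -> GatewayPorts $gp"
  reverse_tunnel_cmd "$gp" intermediary_user relay.example.com 4567 12345 22 || true
done
```

The printed `ssh` command is the same whether it is typed into cmd.exe or PowerShell with the Windows OpenSSH client, so nothing Linux-specific runs on the managed computer. After changing `GatewayPorts`, restart sshd on the relay and check the live value with `sshd -T | grep -i gatewayports`. The inbound rule for TCP 12345 belongs on the relay (the EC2 security group and any host firewall there), not on the Windows host, which only needs the outbound connection to the relay's SSH port.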

Hello @NorbertPozsonyi-9574,

From your above description, I understand that your setup involves your home computer (on-premises) and an EC2 Amazon Linux server. This question was tagged as Azure, so I would like to know if there is any Azure component involved in your setup. If not, then we have to re-tag the question to Windows Server to get better assistance on this issue.

Thanks,
Gita


Hello @NorbertPozsonyi-9574,

I'm following up on my previous comment to check if there are any Azure components involved in your setup. Looking forward to your response.

Thanks,
Gita
