Remote-access Guide

Linux remote access behind firewall

by Adam Beier Published 2 years ago Updated 2 years ago

How to copy port to localhost?

Clicking the copy item copies this port. Then start a local web browser and point it to localhost:64388 or 127.0.0.1:64388. This opens the remote web page as if you were logged in locally on the machine.

Why is port 5900 only available on local network?

Often, access to the web server port 80 or 443, or to the VNC port 5900, is only possible within the local network because the firewall is configured to block all access attempts from the outside. In many cases this is done on purpose, to keep an air gap to the internet in order to protect the system. However, this can be very impractical ...

What is Reverse SSH Tunneling?

One alternative to SSH port forwarding is reverse SSH tunneling. The concept of reverse SSH tunneling is simple. For this, you will need another host (so-called relay host) outside your restrictive home network, which you can connect to via SSH from where you are. You could set up a relay host using a VPS instance with a public IP address. What you do then is to set up a persistent SSH tunnel from the server in your home network to the public relay host. With that, you can connect "back" to the home server from the relay host (which is why it's called a reverse tunnel). As long as the relay host is reachable to you, you can connect to your home server wherever you are, or however restrictive your NAT or firewall is in your home network.

What does -fN do in SSH?

With the -fN option, SSH goes straight into the background once you successfully authenticate with an SSH server. This option is useful when you do not want to execute any command on a remote SSH server and just want to forward ports, as in our case.

What is autossh in SSH?

For a persistent tunnel, I am going to use a tool called autossh. As the name implies, this program automatically restarts an SSH session should it break for any reason. So it is useful for keeping a reverse SSH tunnel active.

Can you use reverse SSH tunnel?

In this post, I talked about how you can use a reverse SSH tunnel to access a Linux server behind a restrictive firewall or NAT gateway from the outside world. While I demonstrated its use case for a home network via a public VPS, you must be careful when applying it to corporate networks. Such a tunnel can be considered a breach of corporate policy, as it circumvents corporate firewalls and can expose corporate networks to outside attacks. There is a great chance it can be misused or abused. So always remember its implications before setting it up.
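For the defender's side of this caveat, here is an added example (not from the original post): a Python check that scans process command lines for ssh/autossh reverse forwards (`-R`) and reports whether a bind address wider than loopback was requested on the relay. The sample process list, host names and ports are constructed for illustration.

```python
import shlex

# Constructed sample of `ps -eo args` output; hosts and ports are made up.
SAMPLE_PS = """\
/usr/sbin/sshd -D
ssh -fN -R 10022:localhost:22 relayuser@relay.example.com
autossh -M 0 -fN -o ServerAliveInterval=60 -R 0.0.0.0:10022:localhost:22 relayuser@relay.example.com
ssh -L 8080:localhost:80 admin@10.0.0.5
ssh -NfR10023:127.0.0.1:5900 relayuser@relay.example.com
"""

ARG_OPTS = set("BbcDEeFIiJLlmOoPpQRSWw")  # ssh options that take a value
LOOPBACK = {None, "localhost", "127.0.0.1"}  # None = no bind address given

def remote_forwards(cmdline):
    """Return the -R specs on one ssh/autossh command line (handles -fNR... clusters)."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] not in ("ssh", "autossh"):
        return []
    specs, i = [], 1
    while i < len(argv):
        arg, i = argv[i], i + 1
        if not arg.startswith("-"):
            continue
        for pos, ch in enumerate(arg[1:], start=1):
            if ch in ARG_OPTS:  # value is the rest of this word, else the next word
                value = arg[pos + 1:]
                if not value and i < len(argv):
                    value, i = argv[i], i + 1
                if ch == "R":
                    specs.append(value)
                break
    return specs

def audit(ps_text):
    """List (relay_port, target, exposure) for each [bind:]port:host:hostport forward."""
    findings = []
    for line in ps_text.splitlines():
        for spec in remote_forwards(line):
            parts = spec.split(":")
            if len(parts) not in (3, 4) or not parts[-3].isdigit():
                continue  # -R port (dynamic) and bracketed IPv6 forms are skipped here
            bind = parts[0] if len(parts) == 4 else None
            exposure = "loopback" if bind in LOOPBACK else "wider-bind-requested"
            findings.append((int(parts[-3]), ":".join(parts[-2:]), exposure))
    return findings

print(audit(SAMPLE_PS))
```

Forwards configured through `-o RemoteForward=...` or an ssh_config file do not appear as `-R` on the command line, so client configuration needs a separate review. A wider bind address only takes effect when the relay's sshd `GatewayPorts` setting permits it.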

Can you restart a broken SSH tunnel?

That way, autossh can restart a broken reverse SSH tunnel without the user's involvement.

Can you use a VPS as a relay host?

You could set up a relay host using a VPS instance with a public IP address. What you do then is to set up a persistent SSH tunnel from the server in your home network to the public relay host. With that, you can connect "back" to the home server from the relay host (which is why it's called a reverse tunnel).

Is reverse SSH tunneling the same as before?

The rest of the reverse SSH tunneling options remain the same as before.
