How to Bypass Firewalls Using SSH

SSH is an age-old technology used by network administrators to remotely log into servers. With a few clever tricks, it can also be used to bypass most firewalls, and open up ports on the local network. All that is required on the target machine is an SSH client.

The key to bypassing firewalls is a technique called reverse tunneling. Most people use the Internet as clients, creating tunnels out into the Internet. A reverse tunnel is also opened outbound by the firewall-protected machine, which is why the firewall allows it, but it carries connections in the opposite direction: the SSH server listens on a port and relays whatever connects to it back through the established session. This allows clients to access data on firewall-protected servers.

The first step is to create a publicly accessible SSH server on an independent network. The SSH port (22) needs to be publicly accessible, so that the target PC can connect to it over the Internet. Since there are very few good, free SSH clients on Windows, the easiest solution is to create a virtual Linux machine to run the SSH tunnel. Using Oracle’s VirtualBox software, an Ubuntu Linux distribution can be quickly installed on a Windows PC, and comes with a built-in SSH server.

Once the SSH server is up and running, and has been tested for remote access, the next step is to download an SSH client to the target machine. The best Windows SSH client is PuTTY, which can be freely downloaded from its website.

When starting PuTTY, the following configuration needs to be made:

  1. In “Host Name”, enter the publicly accessible IP of the SSH server
  2. Go to “Connection”, “SSH”, and “Tunnels”
  3. Add a new forwarded port:
    • Source Port = Target Port for Reverse Tunnel
    • Destination = 127.0.0.1:[Target Port]
    • Direction = Remote
    • Click “Add”
  4. Start the SSH session and log in

At this point, the target port, or set of ports, will be mapped to the destination SSH server. This will allow clients on the remote network to access the target PC as if it was a part of their local network. Basically, this creates a private tunnel between two remote points, enabling remote administration of a firewalled machine.
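
On the SSH server, a forward set up with the steps above shows up as an extra listening socket owned by sshd, and OpenSSH binds it to loopback unless GatewayPorts is enabled, so other hosts on the server's network can reach it only in that case. The script below is an added example, not part of the original article, that lists such sockets from `ss -tlnp` output and marks which are reachable from the network; the sample input is constructed, and port 22 and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: find listening sockets that sshd holds besides its own
# service port. Each is typically a remote forward (PuTTY "Remote" / ssh -R)
# or an X11-forwarding listener (ports 6010 and up).

SSHD_PORT=22   # assumption: sshd serves logins on the default port

# Constructed sample of `ss -tlnp` output; addresses and PIDs are made up.
sample_ss_output() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      128             [::]:22           [::]:*     users:(("sshd",pid=812,fd=4))
LISTEN 0      128        127.0.0.1:8080      0.0.0.0:*     users:(("sshd",pid=2417,fd=9))
LISTEN 0      128            [::1]:8080         [::]:*     users:(("sshd",pid=2417,fd=8))
LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*     users:(("mysqld",pid=990,fd=21))
LISTEN 0      128          0.0.0.0:3389      0.0.0.0:*     users:(("sshd",pid=2533,fd=7))
EOF
}

# Reads `ss -tlnp` lines on stdin and prints one line per forwarded listener:
#   <port> <bind-address> <sshd-pid> <loopback-only|network-reachable>
find_sshd_forwards() {
  awk -v svc="$SSHD_PORT" '
    # Process name starts with sshd (covers "sshd" and "sshd-session").
    $1 == "LISTEN" && $NF ~ /"sshd/ {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
      if (port == svc) next                  # sshd login port, not a forward
      pid = $NF; sub(/.*pid=/, "", pid); sub(/,.*/, "", pid)
      # Loopback binds are the OpenSSH default; anything else means
      # GatewayPorts (or an explicit bind address) exposed the tunnel.
      scope = (addr == "127.0.0.1" || addr == "[::1]") ? "loopback-only" : "network-reachable"
      print port, addr, pid, scope
    }' | sort -u
}

# Stand-alone run on the sample. On a live server (as root, so that ss can
# show process names): ss -tlnp | find_sshd_forwards
sample_ss_output | find_sshd_forwards
```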

SSH Tunneling is very useful in the process of software development, when you need a temporary connection to the server – new version installation, database comparison, troubleshooting using programs on your desktop, synchronization, etc.

Because the connection to the target destination is encrypted, this technique is secure from most hackers. Since most alternative tunneling software is complicated to set up, or requires an untrusted third party, this solution offers an easy and cost-effective way to securely bridge firewalls online.

Written by Andrew Palczewski

About the Author
Andrew Palczewski is CEO of apHarmony, a Chicago software development company. He holds a Master's degree in Computer Engineering from the University of Illinois at Urbana-Champaign and has over ten years' experience in managing development of software projects.

2 thoughts on “How to Bypass Firewalls Using SSH”

  1. While working on a custom software development project, we (at apHarmony Chicago) often need to make an ad-hoc connection to the server and/or run a program on our computer against a database or files on the server. The method described in the article is very useful under those circumstances.

  2. I see you share interesting content here, you can earn some extra
    money, your blog has huge potential, for the monetizing method, just search in google –
    K2 advices how to monetize a website
