Score:1

Ubuntu

Creating a persistent reverse SSH connection from remote server to home client

Ctpelnar1988

6/18/23, 11:03 PM

I have a home client I would like to connect to over SSH from my remote Ubuntu server. currently I create a cron job that persistently calls out from my home client to my remote server.

So far I have tried: ssh -R 2222:localhost:22 root@<server-ip> -p 2222 and ssh -L 2222:localhost:22 root@<server-ip> -p 2222 in a cron job.

I listen on the server using nc -lvnp 2222 and I get a connection message saying Connection received on 104.136.5.228 63119 SSH-2.0-OpenSSH_8.8p1 Debian-1

I have also tried using the private key of my server to login through SSH. From the client: ssh-copy-id root@<server-ip> and ssh -i id_rsa root@<server-ip>.

Server response: root@<server-ip>: Permission denied (publickey).

But a reverse shell does not present itself. Any help in the right direction is greatly appreciated.

0 + 0

server

ssh

cron

networking

tunnel

John Ronald

6/19/23, 5:46 AM

Make sure that your ~/.ssh/authorized_keys has correct permissions

Score:2

Ubuntu

gma

6/19/23, 5:21 AM

If you want to make a ssh connection to your home-host, you need a ssh daemon running on it:

# assuming that ssh server is already installed on home-host
home-host $ sudo systemctl start sshd

You can create a persistent reverse ssh tunnel between home and remote hosts with:

home-host $ ssh -Nf -R 2222:localhost:22  remote-host

-Nf will put ssh client to background without execute any command on server.

-R 2222:localhost:22 will allocate a socket to listen at localhost:2222/tcp on remote-host. This socket will forward all packets to home-host:22/tcp via the secure connection established.

Now, connected in a terminal on remote-host, you can connect to ssh daemon running on home-host with:

remote-host $ ssh localhost -p 2222

Note that you can use this technique to connect to any network service running on home-host, not only sshd. For example, if you have a web server running on 80/tcp on home-host, it can be tunneled with:

home-host $ ssh -Nf -R 8080:localhost:80  remote-host

So, on remote-host, the magic happens with:

remote-host $ wget http://localhost:8080

0 + 0

pa4080

6/19/23, 9:28 AM

Good answer! I would add also the `-T` option which disable pseudo-terminal allocation to the `ssh` command: `ssh -TNf ...`

Score:1

Ubuntu

pa4080

6/19/23, 9:07 AM

Here is such configuration from one of the servers that I maintain. The configuration uses systemd service which is created at the client side. Also it uses autossh, so as first step we need to install it.

sudo apt install autossh

Then create SSH configuration file.

sudo nano /etc/ssh/ssh_config.d/auto-ssh-systemd-hosts.conf

Host reverse.server-name.com
    HostName 192.168.1.199
    IdentityFile /root/.ssh/server-name.com/id_rsa
    User User
    Port 2222
    LocalForward  22 127.0.0.1:2222
    RemoteForward 2222 127.0.0.1:22
    GatewayPorts yes
    Compression yes

Note the SSH key is possession of the root user, because it will be the owner of the service.
Don't forget to change the parameters Host, HostName and IdentityFile.
Here is assumed the ssh-server at the both systems listen to the custom port 2222.

At this stage you should be able to:

sudo ssh reverse.server-name.com     # or
sudo autossh reverse.server-name.com

Finally create the service.

sudo nano /etc/systemd/system/autossh-reverse-server-name.service

[Unit]
Description=Keeps an SSH tunnel to 'server-name.com' open
After=network-online.target

[Service]
User=root
ExecStart=/usr/bin/autossh -M 0 -N -q -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" reverse.server-name.com
ExecStop=/usr/bin/killall -s KILL autossh
Restart=always
RestartSec=3

[Install]
WantedBy=multi-user.target

Replace server-name.com and reverse.server-name.com with the actual values.

Now enable and start the service.

sudo systemctl daemon-reload
sudo systemctl enable autossh-reverse-server-name.service
sudo systemctl start autossh-reverse-server-name.service

In order to stop and disable the service.

sudo systemctl stop autossh-reverse-server-name.service
sudo systemctl disable autossh-reverse-server-name.service

You can get the status or restart the service by the following commands.

sudo systemctl status autossh-reverse-server-name.service
sudo systemctl restart autossh-reverse-server-name.service

The service will be restarted automatically if it hangs. On the other hand autossh will keep it alive much longer than ssh, because it also detects automatically the connection's failures.

References:

Once the service is started you should be able to:

user@server-name.com:~$ ssh localhost -p 22   # connect to the local-machine

user@local-machine:~$ ssh localhost -p 22     # connect to server-name.com

Of course you will need to provide correct authentication data to the commands.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Creating a persistent reverse SSH connection from remote server to home client

TH: การสร้างการเชื่อมต่อ SSH แบบย้อนกลับแบบต่อเนื่องจากเซิร์ฟเวอร์ระยะไกลไปยังโฮมไคลเอ็นต์

RO: Crearea unei conexiuni SSH inverse persistente de la serverul de la distanță la clientul de acasă

RU: Создание постоянного обратного SSH-соединения с удаленного сервера на домашний клиент

VI: Tạo kết nối SSH đảo ngược liên tục từ máy chủ từ xa đến máy khách gia đình

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.