
Thread: reverse ssh tunneling problem

  1. #1
    Just burned his ISO
    Join Date
    May 2010
    Posts
    10

    Question reverse ssh tunneling problem

    i'm trying to do a reverse ssh tunnel between two computers. here is a basic synopsis of my setup:

    i have sshd on "my.home.pc" listening at port 1999, and port forwarded to my internal IP via the router (192.168.x.x). my hosts.deny and hosts.allow are both empty. the rest of the sshd_config settings are default from BT4 liveCD. "my.work.pc" is running ubuntu 10.04 and does not have sshd installed, just the ssh client. no ports are forwarded to this PC.

    on my.home.pc, where i host the server, i generated the keys "sshd-generate", then initiated the server "/etc/init.d/ssh start". server is now listening on port 1999, and can be successfully accessed by any computer on the internet. so i connect to it from my.work.pc, and success, i login as root. everything is normal at this point. i used "ssh -R 20001:localhost:1999 -p 1999 root@my.home.pc -vv" to allow the 20001 port for listening on the reverse ssh.

    with the remote port forward setup, and successful connection, i check netstat to see if my.home.pc is listening on port 20001, and indeed it is. now this is where the problem begins. i try to reverse ssh from the host PC by typing "ssh -p 20001 workuser@localhost -vv". it fails because the connection was refused.

    this is what i see on the server end, trying to perform the reverse tunnel:
    OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to localhost [127.0.0.1] port 20001.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    ssh_exchange_identification: Connection closed by remote host

    and then this is what appears on the work PC that is trying to accept the reverse tunnel:
    debug1: client_input_channel_open: ctype forwarded-tcpip rchan 3 win 2097152 max 32768
    debug1: client_request_forwarded_tcpip: listen localhost port 20001, originator 127.0.0.1 port 56850
    debug2: fd 7 setting O_NONBLOCK
    debug1: connect_next: host localhost ([::1]:1999) in progress, fd=7
    debug2: fd 7 setting TCP_NODELAY
    debug1: channel 1: new [127.0.0.1]
    debug1: confirm forwarded-tcpip
    debug1: channel 1: connection failed: Connection refused
    debug2: fd 8 setting O_NONBLOCK
    debug1: connect_next: host localhost ([127.0.0.1]:1999) in progress, fd=8
    debug2: fd 8 setting TCP_NODELAY
    debug1: channel 1: connection failed: Connection refused
    connect_to localhost port 1999: failed.
    debug2: channel 1: zombie
    debug2: channel 1: garbage collecting
    debug1: channel 1: free: 127.0.0.1, nchannels 2

    i also tried many variations of the remote port in the -R switch, such as -R 20001:localhost:22, (22 is also forwarded via the router). i just can't get it to work. and i've searched the first 10 pages on google for many variations in wording on my problem. many of the sites had solutions that fixed most peoples' problems, but none of them fixed mine.

    any help would be greatly appreciated at this point.

  2. #2
    Just burned his ISO mistm's Avatar
    Join Date
    May 2010
    Location
    Czech Republic
    Posts
    11

    Default Re: reverse ssh tunneling problem

    When you type "ssh -R 20001:localhost:1999 -p 1999 root@my.home.pc -vv" you just make your SSH server listen on the 20001 port as well. It is the server of your home pc, not your work pc.

    It means that when this session is opened your home computer has two ssh ports (1999 and 20001).

    Basically it says "when someone connects to my.home.pc:20001 forward him to localhost:1999" or in other words "when someone connects to my.home.pc:20001 forward him to my.home.pc:1999".

    I think here is your problem. I am not exactly sure what your goal is; since you don't have an SSH server on your work pc, there is nowhere to connect other than to your home pc.

  3. #3
    Just burned his ISO
    Join Date
    May 2010
    Posts
    10

    Default Re: reverse ssh tunneling problem

    Thank you for the reply mistm,

    as far as what I am trying to accomplish: first i want to establish a connection to my home computer from work, using port 1999 (which I can achieve through ssh tunneling). the second half of my goal is to keep that connection alive, then head back home, and connect to my work pc while at home using port 20001 that i enabled with the -R switch.

    the underlined portion summarizes more precisely what i am trying to do.

    i should be able to do this with only my home computer hosting an ssh server, correct? the concept is that i am forcing localhost:20001 to be redirected through the established ssh tunnel so i can login to my work pc from home.

  4. #4
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    22

    Default Re: reverse ssh tunneling problem

    Your parameter is right, but as you said you do not have sshd running on your work pc. So you cannot use ssh to connect from the home pc to the work pc. There is nothing on the other side to reply to your connection.
    Last edited by Zaafiriel; 05-29-2010 at 11:47 PM.

  5. #5
    Just burned his ISO
    Join Date
    May 2010
    Posts
    10

    Default Re: reverse ssh tunneling problem

    i see, so then there is nothing wrong with my method, it's just that what i am trying to achieve is not possible.

    so if sshd is required to be open on both sides, then the only usefulness in my situation is to bypass the router. thank you for the reply

  6. #6
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    22

    Default Re: reverse ssh tunneling problem

    You can still achieve your goal, but you will have to use netcat to create a reverse shell (option -e). But take note that your network admin might not like having a user using a reverse tunnel, even less with a reverse shell. It is even possible the antivirus flags netcat as a dangerous program because it is often used by the bad guys.

    Personally, I do something like you but my reverse tunnel is connected to the rdp port of my workstation. That allows me to connect without having to configure VPN on my linux laptop. autossh is in charge of keeping the connection alive. As I'm the network guy, that's fine with myself.

  7. #7
    Just burned his ISO
    Join Date
    May 2010
    Posts
    10

    Default Re: reverse ssh tunneling problem

    my network admin is an awesome guy. we teach each other things all the time, so he should be fine with it. i'll ask him anyway to be sure. thanks again for the help.
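
Added example (not part of any post in this thread): a small Python parser for the client-side `ssh -vv` output quoted in the first post, showing which end of the `-R` forward made the final connection attempt and why it failed. The log lines are copied from that post; the function names and result fields are this example's own.

```python
import re

# Client-side (work PC) debug lines quoted from the first post.
SAMPLE = """\
debug1: client_request_forwarded_tcpip: listen localhost port 20001, originator 127.0.0.1 port 56850
debug1: connect_next: host localhost ([::1]:1999) in progress, fd=7
debug1: channel 1: new [127.0.0.1]
debug1: channel 1: connection failed: Connection refused
debug1: connect_next: host localhost ([127.0.0.1]:1999) in progress, fd=8
debug1: channel 1: connection failed: Connection refused
connect_to localhost port 1999: failed.
"""

REQ = re.compile(r"client_request_forwarded_tcpip: listen (\S+) port (\d+)")
TRY = re.compile(r"connect_next: host (\S+) \(\[([^\]]+)\]:(\d+)\) in progress")
FAIL = re.compile(r"channel \d+: connection failed: (.+)")
DEAD = re.compile(r"connect_to (\S+) port (\d+): failed")

def diagnose(log):
    """Return one record per forwarded-tcpip request in client debug output."""
    results, cur = [], None
    for line in log.splitlines():
        if m := REQ.search(line):          # server handed us a connection
            cur = {"listen_port": int(m[2]), "attempts": [], "target": None, "failed": False}
            results.append(cur)
        elif cur is None:
            continue                       # ignore lines before any request
        elif m := TRY.search(line):        # client dials the -R target locally
            cur["attempts"].append({"addr": m[2], "port": int(m[3]), "error": None})
        elif (m := FAIL.search(line)) and cur["attempts"]:
            cur["attempts"][-1]["error"] = m[1].strip()
        elif m := DEAD.search(line):       # every resolved address failed
            cur["target"] = (m[1], int(m[2]))
            cur["failed"] = True
    return results

def verdict(r):
    """Explain one record in plain words."""
    refused = bool(r["attempts"]) and all(a["error"] == "Connection refused" for a in r["attempts"])
    if r["failed"] and refused:
        host, port = r["target"]
        return (f"server-side port {r['listen_port']} reached the client, but no "
                f"service is listening on the client's {host}:{port}")
    if r["failed"]:
        return f"forward from port {r['listen_port']} failed for another reason"
    return f"no failure logged for port {r['listen_port']}"

if __name__ == "__main__":
    for rec in diagnose(SAMPLE):
        print(verdict(rec))
```
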
