MULTIPLE SSH REVERSE TUNNELS



[Image: Docker-SSH-Reverse-Tunnel]

SSH Reverse Tunnels can be used to link multiple Linux Machines together. This can be useful if for example you have a home network that is Double NAT’ed and you can’t access ports on your home's Public IP Address. You can use SSH to "Tunnel Out" and then connect to one or indeed multiple Linux Machines in the outside world.

For test purposes I'll demonstrate this using 3 Docker Containers; however, the same procedure would work on real Linux machines.

We first have to set up a new Docker Container and install SSH onto it:

docker pull ubuntu
docker run -it ubuntu
Inside the new Docker Container type the following:
apt-get update
Now install OpenSSH:
apt-get install openssh-server
service ssh status
service ssh restart
Install nano:
apt-get install nano
nano /etc/ssh/sshd_config
Comment out the following line:
PermitRootLogin without-password
Just below it, add the following line:
PermitRootLogin yes
Then restart SSH:
service ssh restart
Set up a password for user "root":
passwd root
For test purposes use a simple password such as:
123
Then exit:
exit

Now find the above Docker Container ID Information via:
docker ps -a
This will give you the Container ID (e.g. d9645f474b1c)

Save this Docker Container to a new Docker Image called miniaturelinux/ubuntu-ssh (where d9645f474b1c is the container ID):
docker commit -m "Container with SSH" -a "Docker Reverse Tunnel" d9645f474b1c miniaturelinux/ubuntu-ssh

Clean up:
docker stop $(docker ps -a -q) && docker rm $(docker ps -a -q)

[Note: in this example, the Host Machine running Docker has an IP Address of 192.168.10.10]

Now run 3 instances of the newly created Docker Image (i.e. 3 Containers):

Terminal Tab #1 (uses Host Machine's Port 1222)
docker run -p 1222:22 -it miniaturelinux/ubuntu-ssh
service ssh start
ssh -v -R 3333:localhost:22 192.168.10.10 -p 2222
Terminal Tab #2 (uses Host Machine's Port 2222)
docker run -p 2222:22 -it miniaturelinux/ubuntu-ssh
service ssh start
ssh -v -R 3333:localhost:3333 192.168.10.10 -p 3222
Terminal Tab #3 (uses Host Machine's Port 3222)
docker run -p 3222:22 -it miniaturelinux/ubuntu-ssh
service ssh start
ssh localhost -p 3333

[Image: Docker-Containers-SSH-Reverse-Tunnel]

After running the command ssh localhost -p 3333 you will be SSH’ed into Container 1 [c882bde3ae0f] via the 2 SSH Reverse Tunnels that were just set up.

If you now break one of the Tunnels (e.g. in Terminal Tab #2 press CTRL-C to terminate the SSH Reverse Tunnel), you will see that the connection in Terminal Tab #3 to Container 1 is destroyed (as you destroyed the Tunnel).

10 SSH Reverse Tunnels

The above example can easily (and very quickly) be extended to use many more tunnels thanks to Docker. Here is the above modified to use 10 tunnels (i.e. n = 11):
[Image: Docker-Containers-SSH-Reverse-Tunnels]

Clean up:
docker stop $(docker ps -a -q) && docker rm $(docker ps -a -q)


Terminal Tab #1 (uses Host Machine's Port 1222)
docker run -p 1222:22 -it miniaturelinux/ubuntu-ssh
service ssh start
ssh -v -R 3333:localhost:22 192.168.10.10 -p 2222
Terminal Tab #2 (uses Host Machine's Port 2222)
docker run -p 2222:22 -it miniaturelinux/ubuntu-ssh
service ssh start
ssh -v -R 3333:localhost:3333 192.168.10.10 -p 3222
Terminal Tab #3 (uses Host Machine's Port 3222)
docker run -p 3222:22 -it miniaturelinux/ubuntu-ssh
service ssh start
ssh -v -R 3333:localhost:3333 192.168.10.10 -p 4222
Terminal Tab #4 (uses Host Machine's Port 4222)
docker run -p 4222:22 -it miniaturelinux/ubuntu-ssh
service ssh start
ssh -v -R 3333:localhost:3333 192.168.10.10 -p 5222
Terminal Tab #5 (uses Host Machine's Port 5222)
docker run -p 5222:22 -it miniaturelinux/ubuntu-ssh
service ssh start
ssh -v -R 3333:localhost:3333 192.168.10.10 -p 6222
Terminal Tab #6 (uses Host Machine's Port 6222)
docker run -p 6222:22 -it miniaturelinux/ubuntu-ssh
service ssh start
ssh -v -R 3333:localhost:3333 192.168.10.10 -p 7222
Terminal Tab #7 (uses Host Machine's Port 7222)
docker run -p 7222:22 -it miniaturelinux/ubuntu-ssh
service ssh start
ssh -v -R 3333:localhost:3333 192.168.10.10 -p 8222
Terminal Tab #8 (uses Host Machine's Port 8222)
docker run -p 8222:22 -it miniaturelinux/ubuntu-ssh
service ssh start
ssh -v -R 3333:localhost:3333 192.168.10.10 -p 9222
Terminal Tab #9 (uses Host Machine's Port 9222)
docker run -p 9222:22 -it miniaturelinux/ubuntu-ssh
service ssh start
ssh -v -R 3333:localhost:3333 192.168.10.10 -p 10222
Terminal Tab #10 (uses Host Machine's Port 10222)
docker run -p 10222:22 -it miniaturelinux/ubuntu-ssh
service ssh start
ssh -v -R 3333:localhost:3333 192.168.10.10 -p 11222
Terminal Tab #11 (uses Host Machine's Port 11222)
docker run -p 11222:22 -it miniaturelinux/ubuntu-ssh
service ssh start
ssh localhost -p 3333
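
Both listings above follow one pattern, so the commands for any chain length can be generated. The script below is an added example, not part of the original write-up: the function names are hypothetical, it reuses the page's host IP, image name and port scheme, and it goes beyond the 3- and 11-container cases by accepting any N from 2 to 65.

```shell
#!/bin/sh
# Added example: print the commands for each terminal tab of an N-container
# chain, using the page's scheme (tab i is published on host port i*1000+222).
HOST_IP="192.168.10.10"              # Docker host address used on the page
IMAGE="miniaturelinux/ubuntu-ssh"    # image committed earlier on the page
FWD_PORT=3333                        # listener opened by each reverse tunnel

# host_port I -> host port that publishes container I's sshd
host_port() { echo $(( $1 * 1000 + 222 )); }

# tab_ssh_cmd I N -> the ssh command typed in tab I of an N-container chain
tab_ssh_cmd() {
    hop=$1; total=$2
    if [ "$hop" -eq "$total" ]; then
        # last container: follow the chain of listeners back to container 1
        echo "ssh localhost -p $FWD_PORT"
        return 0
    fi
    # tab 1 exposes its own sshd (22); later tabs relay the listener that
    # the previous tab opened inside them
    if [ "$hop" -eq 1 ]; then target=22; else target=$FWD_PORT; fi
    echo "ssh -v -R $FWD_PORT:localhost:$target $HOST_IP -p $(host_port $((hop + 1)))"
}

# chain_plan N -> all commands for all tabs; rejects N outside 2..65
chain_plan() {
    n=$1
    case "$n" in ''|*[!0-9]*) echo "N must be a number" >&2; return 2 ;; esac
    # 65*1000+222 = 65222 is the highest valid TCP port in this scheme
    if [ "$n" -lt 2 ] || [ "$n" -gt 65 ]; then
        echo "N must be between 2 and 65" >&2; return 2
    fi
    i=1
    while [ "$i" -le "$n" ]; do
        echo "# Terminal Tab #$i (host port $(host_port "$i"))"
        echo "docker run -p $(host_port "$i"):22 -it $IMAGE"
        echo "service ssh start"
        tab_ssh_cmd "$i" "$n"
        i=$((i + 1))
    done
}

chain_plan "${1:-3}"   # default: the page's 3-container case
```

The ssh line in tab i only connects once the container in tab i+1 is running with sshd started, so start every container before typing the ssh lines.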

Also I should mention that on your Host Machine, you can view the open ports being used by these Docker Containers by typing:
netstat -ntlp
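
Each ssh -R 3333:... command makes the sshd in the next container open a listener on port 3333, and that listener is what to look for when auditing a machine for reverse tunnels. The script below is an added example, not from the original page: it filters netstat -ntlp output for sshd-owned listeners on any port other than sshd's own. It assumes netstat is run inside a container (with net-tools installed there), the function names are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: list listening TCP ports owned by an sshd process that are
# not the daemon's own port, i.e. the listeners created by "ssh -R".
SSHD_PORT=22   # assumption: sshd listens on the default port, as on the page

# forwarded_listeners: reads "netstat -ntlp" output on stdin and prints
# "address:port pid" for each sshd-owned listener other than SSHD_PORT.
forwarded_listeners() {
    awk -v sshd_port="$SSHD_PORT" '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/sshd/ {
            n = split($4, parts, ":")     # port is the last ":"-separated field
            port = parts[n]
            if (port != sshd_port) {
                split($7, owner, "/")     # "112/sshd:" -> pid 112
                print $4, owner[1]
            }
        }'
}

# Constructed sample of what netstat might print inside container 2 once
# tab 1 has run: ssh -v -R 3333:localhost:22 192.168.10.10 -p 2222
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN  45/sshd
tcp        0      0 127.0.0.1:3333  0.0.0.0:*       LISTEN  112/sshd: root
tcp6       0      0 :::22           :::*            LISTEN  45/sshd
tcp6       0      0 ::1:3333        :::*            LISTEN  112/sshd: root
EOF
}

sample_netstat | forwarded_listeners
```

On a live system, replace the sample with: netstat -ntlp | forwarded_listeners. The reported pid belongs to the sshd session that holds the tunnel, so it identifies the login that created it.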


For a more robust, production-like scenario you would want to use something like -nNTf (i.e. no verbose output etc.), for example:
ssh -nNTf -R 3333:localhost:3333 192.168.10.10 -p 3222

Where:
-n: Redirects stdin from /dev/null (actually, prevents reading from stdin). This must be used when ssh is run in the background.
-N: Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).
-T: Disable pseudo-tty allocation.
-f: Requests ssh to go to background just before command execution.
-v: Verbose mode (used in the earlier examples). Causes ssh to output debugging messages about its progress.




