🖥️autossh

➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember it. This cheatsheet explains the autossh command with important options and switches using examples.

▁ ▂ ▃ ▄ ꧁ 🔴☠ COMMANDLINE-KUNGFU WITH CHEATSHEETS ☠🔴꧂▅ ▃ ▂ ▁

#   █████╗ ██╗   ██╗████████╗ ██████╗ ███████╗███████╗██╗  ██╗
#  ██╔══██╗██║   ██║╚══██╔══╝██╔═══██╗██╔════╝██╔════╝██║  ██║
#  ███████║██║   ██║   ██║   ██║   ██║███████╗███████╗███████║
#  ██╔══██║██║   ██║   ██║   ██║   ██║╚════██║╚════██║██╔══██║
#  ██║  ██║╚██████╔╝   ██║   ╚██████╔╝███████║███████║██║  ██║
#  ╚═╝  ╚═╝ ╚═════╝    ╚═╝    ╚═════╝ ╚══════╝╚══════╝╚═╝  ╚═╝

# Reverse SSH Tunneling
# 2 Minuten
# Howtoforge
# Reverse SSH Tunneling

# Have you ever wanted to ssh to your Linux box that sits behind NAT? You can to that by using reverse SSH tunneling. This document will show you step by step how to set up reverse SSH tunneling. The reverse SSH tunnel should work fine with any Unix like system.
# Setup a Reverse SSH Tunnel

# Let's assume that Destination's IP is 192.168.20.55 (Linux box that you want to access).
# You want to access from Linux client with IP 138.47.99.99.
# Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99)

# 1. SSH from the destination to the source (with public IP) using the command below:
ssh -R 19999:localhost:22 [email protected]
# * port 19999 can be any unused port.

# 2. Now you can SSH from source to destination through SSH tunneling:
ssh localhost -p 19999

# 3. 3rd party servers can also access 192.168.20.55 through Destination (138.47.99.99).
# Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99) <- Bob's server
# 3.1 From Bob's server:
ssh [email protected]

# 3.2 After the successful login to Source:
ssh localhost -p 19999
# * the connection between destination and source must be alive at all time.
# Tip: you may run a command (e.g. watch, top) on Destination to keep the connection active.

# Step 1
# I recommand to use ssh option -f to detach ssh process from the tty and -N to not execute any command over ssh (the connexion is just used for port forwarding)
# Using key authentication (option -i) is quite better too and make this command to be run within a boot script (like /etc/rc.local) :
ssh -i /path/to/priv/key/id_rsa -f -N -R 19999:localhost:22 [email protected]

# Step 3
# In your example, you have to give a shell access to 138.47.99.99 to a foreign user (bob) in order to let him connect to destination.

# If bob does not need any shell access to 138.47.99.99, you can specify the remote port forwarder to listen on one specific interface or any (instead of 127.0.0.1 by default) :
ssh -i /path/to/priv/key/id_rsa -f -N -R *:19999:localhost:22 [email protected]

# But take care this last command makes the destination UNIX system being exposed to Internet via 138.47.99.99. IP filtering and/or a knockd daemon are recommanded on 138.47.99.99 if you do not want an internal server being scanned.

# Then you would d have to use another computer/server as an intermediary(aka:middleman). 

# -Reverse SSH from the Target PC to the middleman:
ssh -R {PortOnMiddlePC}:localhost:{PortOnTargetPC} {UserOnMiddlePC}@{IPofMiddlePC}
ssh -R 19999:localhost:22 [email protected]

# -Now from the Client PC pull the port down from the middleman:
ssh -L {PortOnClientPC}:localhost:{PortOnMiddlePC} {UserOnMiddlePC}@{IPofMiddlePC}
ssh -L 19999:localhost:19999 [email protected]

# -Now you can ssh the Target PC from the Client PC:
ssh localhost -p {PortForwardedFromTargetPC}
ssh localhost -p 19999 

# A better way is to set it up in your ~/.ssh/config file:
        # Host remotehost
          # Hostname remotehost.org
          # User remoteuser
          # HostKeyAlias remotehost
          # ConnectionAttempts 3
          # TCPKeepAlive no
          # CheckHostIp no
          # RemoteForward 20023 localhost:22
          # RemoteForward 2221 lhost1:22
          # RemoteForward 2222 lhost2:22
          # RemoteForward 2389 lhost3:389
          # RemoteForward 2390 lhost4:389
          # RemoteForward 2391 lhost5:389
          # RemoteForward 20080 lhost6:80
          # RemoteForward 20443 lhost6:443
          # LocalForward 3001 remotehost:3000
          # LocalForward 8001 remotehost:8000
          # ForwardAgent yes
          # ForwardX11 yes
          # Protocol 2

# http://www.harding.motd.ca/autossh/
# This can be combined autossh to make sure the connection is restarted if it ever dies. I run the following from my Debian's /etc/rc.local, called /etc/tunnel/tunnel.sh:

 #!/bin/bash
HOSTNAME=$(hostname)
SSH_OPTIONS="-i /etc/tunnel/$HOSTNAME.key"
# Always assume initial connection will be successful
export AUTOSSH_GATETIME=0
# Disable echo service, relying on SSH exiting itself
export AUTOSSH_PORT=0

autossh -f -- $SSH_OPTIONS -o 'ControlPath none' -R 19999:localhost:22 [email protected] -fN

#-----------------------------------------------------------------------///
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░