TRAVERSING NAT: HOW TO SET UP A PERMANENT TUNNEL BETWEEN YOUR PC AND AN SSH SERVER SO YOU CAN CONNECT TO YOUR PC AT ANY TIME
###########################################################################################################################
 
Let's say you have a machine/PC/server (let's call it main_pc) that you want to connect to, but it's behind a NAT. You can set up a reverse tunnel to reach it. The reverse tunnel runs from main_pc to an ssh server (let's call it server_pc). Then, when a person logs in to server_pc, they can use a command and be connected to main_pc. It is similar to having a port forward at the firewall/router on main_pc's network that opens a port to main_pc so you can connect to it from everywhere. The only difference between this method and an open port is that you're going through a tunnel, and you have to enter the tunnel through server_pc.
 
server_pc is accessible from everywhere, and main_pc is accessible only from main_pc's network. After this setup, main_pc can be reached through server_pc.
 
Prerequisites: every machine must have ssh, with openssh-server on both servers.
 
——————————
ON SERVER BEHIND NAT – main_pc:
——————————
 
Every time you ssh you're asked for a password, and that is annoying. You can make it go away with ssh keys (give main_pc's public key to server_pc), but I will use sshpass, which gives the password to the ssh server automatically without a prompt stopping your actions. (It would be annoying if there was an invisible prompt stopping your boot, that is, if you run this process at boot, which the last part of this section shows you how to do.)
 
– Make sure you're root the whole time
 
# apt-get install sshpass
 
# sshpass -p 'Your_password_at_server_pc' ssh root@server_pc.com -R 54231:localhost:22 -tN &
 
Put that command in a cron job so that it launches at boot (there are lots of other ways to do this)
 
# crontab -e
 
Select vim or nano if asked which editor you want to use.
 
Put this entry at the bottom (no need for the typical cron job format # # # # # or whatever; just put in @reboot and it will happen at every boot)
 
@reboot sshpass -p 'Your_password_at_server_pc' ssh root@server_pc.com -R 54231:localhost:22 -tN &
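
Added example (not part of the original post): the same reverse tunnel using the ssh keys mentioned earlier instead of sshpass, so the server_pc password does not sit in the crontab or the process list, plus a restart loop so the tunnel comes back after a dropped connection. The key path, script path and timer values are assumptions; port 54231 and root@server_pc.com are the post's.

```shell
#!/bin/sh
# Added example: key-based, self-restarting version of the reverse tunnel.

TUNNEL_PORT=54231                 # port opened on server_pc (from the post)
SERVER=root@server_pc.com         # login used in the post
KEY=/root/.ssh/tunnel_ed25519     # assumed path of a key used only for this tunnel

# One-time, on main_pc:  ssh-keygen -t ed25519 -N '' -f "$KEY"

# Line to append to ~/.ssh/authorized_keys on server_pc ($1 = contents of
# "$KEY.pub"). The key can only open the one listening port: no pty, no agent
# or X11 forwarding, no other forwards, and any command request runs /bin/false.
authorized_keys_line() {
    printf 'restrict,port-forwarding,permitlisten="%s",command="/bin/false" %s\n' \
        "$TUNNEL_PORT" "$1"
}

# ssh arguments for the tunnel, one per line.
#   BatchMode=yes             never prompt, so nothing can hang the boot
#   ExitOnForwardFailure=yes  exit if the remote port cannot be bound
#   ServerAlive*              notice a dead connection within about 90 seconds
tunnel_args() {
    printf '%s\n' -N -i "$KEY" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -R "$TUNNEL_PORT:localhost:22" "$SERVER"
}

# Keep the tunnel up: start ssh again whenever it exits.
run_tunnel() {
    while :; do
        # Unquoted on purpose: each argument is one word without spaces.
        ssh $(tunnel_args)
        sleep 15
    done
}

# crontab entry that replaces the sshpass line ($1 = path of this script).
cron_line() { printf '@reboot %s run >/dev/null 2>&1\n' "$1"; }

# Only start the loop when called as "script run"; sourcing just defines functions.
if [ "${1:-}" = "run" ]; then run_tunnel; fi
```

Connect to server_pc once by hand from main_pc first so its host key is recorded in known_hosts; with BatchMode=yes the script fails instead of prompting.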
 
————————-
SSH SERVER – server_pc:
————————-
 
Connect to server_pc: either log in to it directly (physically), or just ssh into server_pc from wherever you are.
 
Now to connect to the server behind NAT at any time
 
– You don't have to be root, but you must connect to the root user
 
# ssh -p 54231 root@localhost
 
Even though localhost is server_pc, port 54231 is a direct tunnel to main_pc, so we are not connecting to root@server_pc; we are actually connecting to root@main_pc
