Another SSH tunneling trick - to SSH into your blocked server from the outside world

I wrote a blog post about SSH tunneling 4 years ago. Today I will show you another trick that gets you into a server behind firewalls.

Normally, corporate firewalls block all incoming ports except ports 80 and 443, which are used for accessing web servers. So here is how you can get access to the servers from outside (assuming you have access to the server you want to connect to from inside the corporate network):

1. If the server you want to connect to doesn't have a web server or anything else running on port 80/443, you just need to change its ssh config to let sshd run on port 80/443.

sudo nano /etc/ssh/sshd_config

...
Port 80
...

sudo systemctl restart ssh

2. If your server already has a web server or another service running on port 80/443, use another server that you can access from inside the network and that has port 80/443 free.

Then establish the tunnel, assuming:

  • server.A.com: the server that I have access to from inside the network
  • server.B.com: the server that I want to connect to from outside (I also have access to this server from inside)
  • 80: the port I want to open on server.A.com
  • 22: ssh port of server.B.com
  • serverAuser: a user on server.A.com
  • serverBuser: a user on server.B.com

a. Run this command on server.A.com

sudo ssh -L 0.0.0.0:80:server.B.com:22 serverAuser@server.A.com

b. From a computer outside the corporate network run this command to ssh to server.B.com

ssh serverBuser@server.A.com -p 80
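
To check whether a host is running either of the two setups above (sshd moved to port 80/443, or an ssh client forwarding from 0.0.0.0:80), here is an added example that is not part of the original post. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks a host for the two setups described in this post.
# Function names and sample data are constructed for illustration.

# Read sshd_config text on stdin; print each Port value that is 80 or 443.
# Keywords are case-insensitive; "Port=80" is accepted as well as "Port 80".
flag_sshd_web_ports() {
    awk '{
        line = $0
        sub(/^[ \t]+/, "", line)            # drop leading whitespace
        if (line ~ /^#/) next               # skip comment lines
        n = split(line, f, /[ \t=]+/)
        if (n >= 2 && tolower(f[1]) == "port" && (f[2] == "80" || f[2] == "443"))
            print f[2]
    }'
}

# Read `ss -H -tlnp` output on stdin; print the local address of every
# listener on port 80/443 that is owned by an ssh or sshd process.
flag_ssh_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /:(80|443)$/ && $6 ~ /\(\("sshd?",/ { print $4 }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_CONFIG='#Port 22
Port 80
PermitRootLogin no'

SAMPLE_SS='LISTEN 0 128 0.0.0.0:22  0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 0.0.0.0:80  0.0.0.0:* users:(("ssh",pid=4242,fd=4))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=900,fd=6))'

echo "sshd_config Port directives on web ports:"
printf '%s\n' "$SAMPLE_CONFIG" | flag_sshd_web_ports
echo "ssh/sshd processes listening on web ports:"
printf '%s\n' "$SAMPLE_SS" | flag_ssh_listeners

# On a real host (root is needed to see process names):
#   sudo sshd -T | flag_sshd_web_ports     # effective config, Include files resolved
#   sudo ss -H -tlnp | flag_ssh_listeners
```
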






