May 28, 2010

Last Updated on May 28, 2010

View our free cybersecurity resources »

Ever need to work on a remote computer which is behind a typical firewall. Well if there is no inbound connectivity, you can play a bit of leap frog using ssh in order to gain access to that server. Here’s a quick example.
For this example we’ll assume you are sitting at Host A and would like to have access to Internal Host C. Both firewalls are assumed to allow ssh traffic out.
Our goal here is to have the Internal Host C machine start an ssh session to External Host B (which is on the internet).
SSH -R 2200:localhost:22 User@ExternalHostB
This will start an ssh session from Internal Host C to External Host B and ask the ssh daemon to forward all traffic on External Host B’s port 2200 back to Internal Host C’s port 22 over the established ssh session.
Now If I were on External Host B, to get a shell on Internal Host C all I’d have to do is:
SSH -p 2200 User@localhost
Now the USER in the above statement would have to be a valid user on Internal Host C, not External Host B.
To connect from Host A to Internal Host C you can do several things. The easiest is to leap frog.
SSH USER@ExternalHostB
SSH -p 2200 USER@localhost
The first session opens a shell on External Host B. The second opens a shell on Internal Host C by connecting to the reverse shell we started in the first command.
This has been a simple reverse shell ssh post. Stay tuned for more port forwarding fun.