bitcoin-tutorials/ssh_tunnel.md
2019-12-16 08:36:01 +00:00


# Forward ports with a reverse SSH tunnel
## Advantages:
* no port forwarding needed on the LAN of the host
* encrypted connection
* hides the IP of the host
## Requirements:
* a Virtual Private Server (VPS), e.g. a minimal package on Lunanode for ~$3.50/month
* root access on the VPS: only root can bind ports numbered below 1000
* ssh access to the host computer (the machine whose ports will be forwarded)
## On the host computer
* Check for an existing ssh public key:
`$ cat ~/.ssh/*.pub`
* If there is none, generate one (keep pressing ENTER to accept the defaults; the empty passphrase is needed because the tunnel service below runs unattended):
`$ ssh-keygen -t rsa -b 4096`
* Copy the ssh public key over to the VPS (fill in the VPS_IP_ADDRESS).
You will be prompted for the root password of the VPS. The command also creates `~/.ssh` on the VPS if it does not exist yet and sets the permissions sshd requires:
`$ cat ~/.ssh/id_rsa.pub | ssh root@VPS_IP_ADDRESS 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys'`
## Working on the VPS
* Log in as root, or become root with:
`sudo su -`
* Edit the sshd config:
`sudo nano /etc/ssh/sshd_config`
* Make sure these entries are active (uncommented, meaning there is no `#` at the beginning of the line).
You can simply append them to the end of the file. Note that `GatewayPorts yes` is what makes the forwarded ports reachable on the public interface of the VPS, so every `-R` port you add to the tunnel later becomes publicly reachable. `RSAAuthentication` only applied to the old SSH protocol 1; current sshd versions log a "Deprecated option" warning for it and otherwise ignore it:
```
RSAAuthentication yes
PubkeyAuthentication yes
GatewayPorts yes
AllowTcpForwarding yes
ClientAliveInterval 60
```
CTRL+O, ENTER to save, CTRL+X to exit.
* Validate the config with `sudo sshd -t` (no output means no syntax errors), then restart the sshd service (WARNING: you can lose access at this point if the config is wrong, so keep your current session open until you have confirmed a new login works):
`sudo systemctl restart sshd`
## Back to the host computer
### Set up a systemd service
* Create the service file:
`sudo nano /etc/systemd/system/autossh-tunnel.service`
* Paste the following and fill in the VPS_IP_ADDRESS.
Add or remove `-R` port mappings as required. The `autossh` package must be installed on the host (e.g. `sudo apt install autossh` on Debian/Ubuntu). Because the service runs as root, ssh will look for root's key pair (`/root/.ssh/id_rsa`): either run the key steps above as root, or add `-i /path/to/private_key` to the ExecStart line, pointing at the private key whose public half you copied to the VPS.
```
[Unit]
Description=AutoSSH tunnel service
After=network.target

[Service]
User=root
Group=root
Environment="AUTOSSH_GATETIME=0"
# -M 0 disables autossh's own monitor port; liveness comes from the ServerAlive options.
# ExitOnForwardFailure makes ssh exit (and autossh reconnect) if a port cannot be bound on the VPS.
ExecStart=/usr/bin/autossh -C -M 0 -v -N -o "ServerAliveInterval=60" -o "ServerAliveCountMax=3" -o "ExitOnForwardFailure=yes" -R 9735:localhost:9735 -R 443:localhost:443 -R 80:localhost:80 root@VPS_IP_ADDRESS
# Let systemd restart autossh itself if it ever exits.
Restart=always
RestartSec=10
StandardOutput=journal

[Install]
WantedBy=multi-user.target
```
* Enable and start the service:
`$ sudo systemctl enable autossh-tunnel`
`$ sudo systemctl start autossh-tunnel`
* The port forwarding with a reverse ssh tunnel is now complete.
You should be able to access the ports/services of the host computer through the IP of the VPS.
## Monitoring
* Check for errors on the host computer:
`$ sudo journalctl -f -n 20 -u autossh-tunnel`
* To check whether the tunnel is active on the VPS (the forwarded ports should be listed as LISTEN sockets owned by sshd and bound to 0.0.0.0, not only 127.0.0.1):
`$ netstat -tulpn` (or `ss -tulpn` on systems without netstat)
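As an added example (not part of the original tutorial), here is a small POSIX shell function that reads `netstat -tulpn` or `ss -tulpn` output and reports, for each forwarded port, whether it is bound on all interfaces (GatewayPorts working), bound only to 127.0.0.1 (GatewayPorts not active, so the port is unreachable from outside) or not bound at all (tunnel down). The two command outputs embedded below are constructed samples; the function name `check_forwards` is my own.

```shell
#!/bin/sh
# Constructed sample of `netstat -tulpn` on the VPS with the tunnel up.
# Port 80 is bound to 127.0.0.1 only, as it would be if GatewayPorts were not enabled.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 0.0.0.0:9735            0.0.0.0:*               LISTEN      2210/sshd: root
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2210/sshd: root
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN      2210/sshd: root
tcp6       0      0 :::22                   :::*                    LISTEN      612/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           812/dhclient'

# Constructed sample of the same state as shown by `ss -tulpn` (different column layout).
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:9735         0.0.0.0:*          users:(("sshd",pid=2210,fd=9))
LISTEN  0       128     [::]:9735            [::]:*             users:(("sshd",pid=2210,fd=10))
LISTEN  0       128     127.0.0.1:443        0.0.0.0:*          users:(("sshd",pid=2210,fd=11))'

# check_forwards PORT...
# Reads netstat or ss output on stdin and prints one line per port:
#   "PORT ok"         listening on a wildcard address (0.0.0.0, *, :: or [::])
#   "PORT local-only" listening, but only on a loopback/specific address
#   "PORT missing"    no LISTEN socket for that port (tunnel down or port not forwarded)
check_forwards() {
  listing=$(cat)
  for port in "$@"; do
    # Column 4 is the local address in both formats; the port is the text after the last ':'.
    # netstat puts the state in column 6, ss puts it in column 1.
    binds=$(printf '%s\n' "$listing" | awk -v p="$port" '
      { n = split($4, a, ":") }
      n > 1 && a[n] == p && ($1 == "LISTEN" || $6 == "LISTEN") {
        if ($4 ~ /^(0\.0\.0\.0|\*|\[::]|::):[0-9]+$/) print "all"; else print "local"
      }')
    case "$binds" in
      *all*)   echo "$port ok" ;;
      *local*) echo "$port local-only" ;;
      *)       echo "$port missing" ;;
    esac
  done
}

# Real use on the VPS:  netstat -tulpn | check_forwards 9735 443 80
# Demo against the constructed samples (8333 is deliberately not forwarded):
printf '%s\n' "$SAMPLE_NETSTAT" | check_forwards 9735 443 80 8333
printf '%s\n' "$SAMPLE_SS" | check_forwards 9735 443
```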
## Resources
https://github.com/rootzoll/raspiblitz/blob/master/FAQ.md#how-to-setup-port-forwarding-with-a-ssh-tunnel
https://stadicus.github.io/RaspiBolt/raspibolt_21_security.html#login-with-ssh-keys