Tuesday, September 30, 2014

linux - Multiple Reverse SSH Tunnels using Single Port

I am able to accept reverse SSH connections from multiple remote systems on a single server using a port for each connection:

    Remote A: ssh -fN -R5000:localhost:22 user@server-ip -p22
    Remote B: ssh -fN -R5001:localhost:22 user@server-ip -p22
    Remote C: ssh -fN -R5002:localhost:22 user@server-ip -p22

I can access these systems from my local client as needed:

    Access Remote A: ssh root@server-ip -p5000
    Access Remote B: ssh root@server-ip -p5001

This requires forwarding one port per remote system on the server. When 100+ remotes connect, do I have any options other than opening 100+ ports in the server firewall and statically assigning each remote to a port as above? My goal is to enable multiple remotes to create tunnels on demand, where I can query who is connected.

I found that sslh is a multiplexer that can differentiate between traffic on a single port based on protocol, but this only applies to different protocols, e.g. ssl/ssh. Is there a solution that allows multiple tunnels on a single port?

Example:

    Remote A: ssh -fN -R5000:localhost:22 user@server-ip -p22 -identifier abc123
    Remote B: ssh -fN -R5000:localhost:22 user@server-ip -p22 -identifier def456

    access Remote A: ssh root@server-ip -p5000 -identifier abc123
    access Remote B: ssh root@server-ip -p5000 -identifier def456
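The following is an added example and not part of the original post or of any answer to it. It shows one way to get what the question asks for with stock OpenSSH: every reverse tunnel stays bound to the server's loopback interface, keyed by a remote identifier in a small registry, and the operator reaches a remote by hopping through the server's own sshd (`ssh -W`), so the firewall only ever exposes port 22. `user@server-ip` is the placeholder from the question; the identifiers, the registry file and the `ss -tln` listing are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): keep every reverse tunnel bound to the
# server's loopback, keyed by a remote identifier, and reach each remote by hopping
# through the server's own sshd. Only port 22 is ever exposed in the firewall.
# "user@server-ip" is the placeholder from the question; the identifiers and the
# `ss -tln` listing below are constructed for the demo.

SERVER="user@server-ip"
BASE_PORT=5000
# Registry file: one line per remote, "<identifier> <loopback port>".
REGISTRY="${REGISTRY:-$(mktemp)}"

# allocate_port ID: print the loopback port for ID, assigning the next free one on first use.
allocate_port() {
    id="$1"
    port=$(awk -v id="$id" '$1 == id { print $2 }' "$REGISTRY")
    if [ -z "$port" ]; then
        n=$(wc -l < "$REGISTRY")
        port=$((BASE_PORT + n))
        printf '%s %s\n' "$id" "$port" >> "$REGISTRY"
    fi
    printf '%s\n' "$port"
}

# tunnel_cmd ID: the command the remote runs. The explicit 127.0.0.1 bind address keeps the
# forwarded port off the server's external interfaces even if sshd has GatewayPorts enabled.
tunnel_cmd() {
    port=$(allocate_port "$1")
    printf 'ssh -fN -R 127.0.0.1:%s:localhost:22 %s -p22\n' "$port" "$SERVER"
}

# access_cmd ID: the command the operator runs. The inner ssh logs in to the server and
# uses -W to forward its stdio to the loopback port; the outer ssh talks to the remote's
# sshd through it. Using ID as the host name keeps one known_hosts entry per remote.
access_cmd() {
    port=$(allocate_port "$1")
    printf 'ssh -o ProxyCommand="ssh %s -W 127.0.0.1:%s" root@%s\n' "$SERVER" "$port" "$1"
}

# list_connected: read `ss -tln` output from stdin and print the identifier of every
# remote whose reverse tunnel is currently listening on the server. On the server itself:
#   ss -tln | list_connected
list_connected() {
    awk -v reg="$REGISTRY" '
        BEGIN { while ((getline line < reg) > 0) { split(line, f, " "); id[f[2]] = f[1] } }
        /^LISTEN/ { sub(/.*:/, "", $4); if ($4 in id) print id[$4] }
    '
}

# Constructed `ss -tln` listing: sshd on 22 plus two live reverse tunnels.
SAMPLE_SS='State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    0.0.0.0:22          0.0.0.0:*
LISTEN  0      128    127.0.0.1:5000      0.0.0.0:*
LISTEN  0      128    127.0.0.1:5002      0.0.0.0:*'

for id in abc123 def456 ghi789; do
    echo "Remote $id runs:  $(tunnel_cmd "$id")"
    echo "Operator uses:   $(access_cmd "$id")"
done
echo "Connected now:"
printf '%s\n' "$SAMPLE_SS" | list_connected
```

Two things worth knowing when applying this. First, sshd binds `-R` forwards to the loopback interface by default (`GatewayPorts no`), so the per-remote ports in the question are not reachable from outside unless that setting was changed; writing the `127.0.0.1` bind address explicitly just makes the intent survive a configuration change. Second, the registry is a plain file because the identifier-to-port mapping must be known on both the remote (to pick its `-R` port) and the operator's side (to pick the `-W` target); on the server, `ss -tln | list_connected` answers "who is connected right now" from the listening sockets rather than from any state the remotes report themselves.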
