Keep Alive SSH with Reverse Tunneling


2017-09-18

SSH Tunnels are awesome! Reverse Tunnels are even awesomer! (Yeah, I know that's not a word.) What is reverse tunneling, you ask? In short, you can establish an SSH connection from a remote device, A, to another remote device, B. And from remote device B, you can log into remote device A. Confused? Let's use a real-world scenario.

Let's say you have a Raspberry Pi (device A) and it sits in your house behind a firewall (and you don't want to open any incoming ports). You also have a web server (device B) somewhere in the cloud. On the Raspberry Pi you've established a reverse tunnel to the web server. While at work you want to log into your Raspberry Pi and check on your camera to watch your cats (you have one on your Pi, right?). Using a reverse tunnel, you can log into your web server and establish an SSH connection back into your house, through the firewall, into the Raspberry Pi. Voilà!

On to the script!

#!/bin/bash
# remote_ip : the remote host you wish to establish the tunnel with.
remote_ip=my.remoteserver.com
# remote_port : the port you will use to connect from remote node to local
remote_port=2222
# local_ip : used to establish which network interface you will be using
local_ip=localhost
# local_port : the local port the reverse tunnel will be connecting to
local_port=22

# Get the process id (pid) of the last known running process
pid=$(cat /home/pi/ssh_reverse_tunnel_params.pid 2>/dev/null)
# Enter the IF clause when no pid is recorded or that process is no longer running
if [ -z "$pid" ] || [ ! -e "/proc/$pid" ]; then
  echo "$(date '+%y-%m-%d %H:%M:%S') Creating new reverse tunnel connection to $remote_ip."

  # write the port number to a file so we can use it again later
  echo "$remote_port" > /home/pi/ssh_reverse_tunnel_params.port
  remote_port=$(cat /home/pi/ssh_reverse_tunnel_params.port)

  echo "$(date '+%y-%m-%d %H:%M:%S') Connections made to $remote_port from $remote_ip will be re-directed to $local_ip:$local_port"
  # start the reverse tunnel in the background and record its pid
  # (-N already means "no remote command", so none is passed)
  /usr/bin/ssh -v -i /home/pi/.ssh/id_rsa -N -R "$remote_port:$local_ip:$local_port" "user@$remote_ip" &
  tunnel_pid=$!
  echo "$tunnel_pid" > /home/pi/ssh_reverse_tunnel_params.pid
  # $? says nothing about a background job, so wait briefly and check that ssh is still running
  sleep 5
  if kill -0 "$tunnel_pid" 2>/dev/null; then
    echo "$(date '+%y-%m-%d %H:%M:%S') Setting up tunnel from $remote_ip allowing $remote_port --> $local_port created successfully"
  else
    echo "$(date '+%y-%m-%d %H:%M:%S') ERROR: An error occurred creating a tunnel to $remote_ip through $local_port"
  fi
fi

Let's break it down.


The first part of the script sets up the environment.

# remote_ip : the remote host you wish to establish the tunnel with.
remote_ip=my.remoteserver.com
# remote_port : the port you will use to connect from remote node to local
remote_port=2222
# local_ip : used to establish which network interface you will be using
local_ip=localhost
# local_port : the local port the reverse tunnel will be connecting to
local_port=22

Change the remote_ip and local_ip to fit your needs. The remote_port and local_port are probably fine, unless you happen to have port 2222 already used on your remote system.

The IF statement is there to check to see if the tunnel is already running. If it is, it simply exits. If for some reason the tunnel isn't running, the script enters the IF clause and establishes the tunnel.
This is the magic that makes that happen.
  # start the reverse tunnel in the background and record its pid
  /usr/bin/ssh -v -i /home/pi/.ssh/id_rsa -N -R "$remote_port:$local_ip:$local_port" "user@$remote_ip" &
  echo $! > /home/pi/ssh_reverse_tunnel_params.pid
All the other stuff is there to help troubleshoot and log activity.
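
A stricter form of the "is the tunnel already running?" check and of the tunnel start, as an added example that is not the post's own script. The function names, the PIDFILE override and the "run" argument are assumptions; the ssh options are standard OpenSSH client options.

```shell
#!/bin/bash
# Added example, not the post's script. Function names, the PIDFILE override
# and the "run" argument are assumptions made for illustration.
pidfile=${PIDFILE:-/home/pi/ssh_reverse_tunnel_params.pid}
forward="2222:localhost:22"   # remote_port:local_ip:local_port from the post

# Succeed only if the pid stored in file $1 is a live process whose command
# line contains $2. Rejects a missing, empty or non-numeric pid file and a
# pid that was reused by an unrelated process (for example after a reboot).
tunnel_alive() {
  local file want pid cmdline
  file=$1; want=$2
  [ -r "$file" ] || return 1
  pid=$(cat "$file")
  case $pid in ''|*[!0-9]*) return 1 ;; esac
  [ -r "/proc/$pid/cmdline" ] || return 1
  cmdline=$(tr '\0' ' ' < "/proc/$pid/cmdline")
  case $cmdline in *"$want"*) return 0 ;; *) return 1 ;; esac
}

# Start the tunnel so that ssh exits instead of lingering in a useless state:
#   BatchMode            never block on a password or passphrase prompt under cron
#   ExitOnForwardFailure exit if port 2222 cannot be bound on the remote side
#   ServerAlive*         exit after about 3 minutes without a reply from the server
start_tunnel() {
  /usr/bin/ssh -i /home/pi/.ssh/id_rsa -N \
    -o BatchMode=yes \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=60 -o ServerAliveCountMax=3 \
    -R "$forward" user@my.remoteserver.com &
  echo $! > "$pidfile"
}

# Only act when called with "run", so sourcing the file has no side effects.
if [ "${1:-}" = "run" ]; then
  tunnel_alive "$pidfile" "-R $forward" || start_tunnel
fi
```

Because ssh now exits when the forward fails or the connection goes dead, the next cron run sees no matching process and starts a fresh tunnel.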

Now log into your Web Server and ssh to your Raspberry Pi by connecting to local port 2222 like this:
$ ssh -p 2222 user@localhost
This command tells ssh to connect to the local port 2222 and because of the reverse tunnel, your traffic goes through the internets, into your house, and connects to the Raspberry Pi.

Cool, eh?

Now all you need to do is make the script executable and add the script to cron. I normally have it running every five minutes.

A few minor notes about the script.
  • This assumes you've already exchanged SSH keys from the Raspberry Pi and the Web Server.
  • Your Web Server is accessible from the Raspberry Pi.
  • Port 2222 is available on your Web Server.
Happy tunneling!
