Accessing Internal Network using SSH Tunnel or Bastion Host

I was looking for a trick to access the internal network from a remote location. This method looks secure as it uses SSH to carry the traffic.

  • Get access to a cloud server or VPS (Linux based; accessible from the internal network).
  • Select a system in the internal network and execute the following SSH command:
ssh -nNT -R 9999:192.168.0.5:22 username@IP

For example,

ssh -nNT -R 9999:192.168.0.5:22 root@11.22.33.44 -p 2345

In the above command,
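-N : Do not execute a remote command; used for just forwarding ports.
-n : Redirects stdin from /dev/null; needed when ssh runs in the background, and commonly used for executing X11 programs (such as gedit, emacs) on the remote machine.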
-T : Disable pseudo-tty allocation.
-R [bind_address:]port:host:hostport : Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the local machine.
-p : SSH port number (if applicable)

  • The rest is self-explanatory.
    The above command will connect to the IP. After this, connect to the same cloud server/VPS from your home (remote location).

After being connected, execute the following command:

ssh -p9999 localhost

The above command will connect to the internal system which we had selected initially.

NOTE: Please note that the port 9999 must not be blocked on the cloud server/VPS, else it will fail to connect.
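
The tunnel above is only as private as the cloud server's sshd settings allow: with GatewayPorts off, the forwarded port 9999 listens on the server's loopback address only. The following is an added example, not part of the original post, that checks `sshd -T` style output for settings affecting this tunnel; the function names and the sample input are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit `sshd -T` style output on
# the cloud server/VPS for settings that affect the 9999 reverse tunnel.

# Constructed sample of `sshd -T` output, not captured from a real host.
SAMPLE_SSHD_T='port 2345
permitrootlogin yes
allowtcpforwarding yes
gatewayports clientspecified
permitlisten any'

# sshd_value TEXT KEYWORD: print the first value set for KEYWORD.
sshd_value() {
  printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# audit_tunnel_config TEXT [PORT]: print one FLAG line per risky setting,
# or "OK" when none is found. PORT defaults to the post's 9999.
audit_tunnel_config() {
  local text=$1 port=${2:-9999} count=0 v
  v=$(sshd_value "$text" gatewayports)
  if [ -n "$v" ] && [ "$v" != "no" ]; then
    echo "FLAG gatewayports=$v: port $port can be bound on non-loopback addresses"
    count=$((count + 1))
  fi
  v=$(sshd_value "$text" allowtcpforwarding)
  if [ "$v" = "yes" ] || [ "$v" = "all" ]; then
    echo "FLAG allowtcpforwarding=$v: limit the tunnel account to 'remote'"
    count=$((count + 1))
  fi
  v=$(sshd_value "$text" permitlisten)
  if [ "$v" = "any" ]; then
    echo "FLAG permitlisten=any: restrict to localhost:$port"
    count=$((count + 1))
  fi
  v=$(sshd_value "$text" permitrootlogin)
  if [ "$v" = "yes" ]; then
    echo "FLAG permitrootlogin=yes: use an unprivileged account for the tunnel"
    count=$((count + 1))
  fi
  if [ "$count" -eq 0 ]; then echo "OK"; fi
  return 0
}

# Stand-alone run on the constructed sample; on a real server, pass the
# output of `sshd -T` (run as root) instead.
audit_tunnel_config "$SAMPLE_SSHD_T"
```

On the server itself, call it as `audit_tunnel_config "$(sshd -T)"` from a root shell.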

Thanks for reading.
