One of my use cases is to back up data on some of my servers to a local machine on my home network. There are multiple ways to do this; in this article I detail how I solved this issue with an SSH reverse tunnel. I also have an alternate article explaining how to achieve the same objective with a permanent port forwarding, a dyndns and a self-signed certificate.

To illustrate the process I will use the following names:

- is the server with some precious data I'd like to back up. I am an admin on this server so I can install restic or create new users if needed.
- mynas is my local machine that will store the backup. I have installed rest-server on this machine.

The general idea is to set up a cron job that calls the backup script shown in the previous article. The problem is that myserver is not capable of reaching mynas because this machine is behind a NAT. But with reverse SSH tunneling, we can work around this issue.

Here is the final command if you are too impatient to read the rest: ssh -R 33333:10.0.0.20:12000 "restic -p ~/password -r backup /etc/nginx"

Reverse SSH tunneling

The usual SSH connection

When I run the command ssh from mynuc, I establish an SSH connection between mynuc and. Usually we use this connection to run a shell on the remote computer (here myserver).

With a reverse tunnel, I add a connection going the other way inside the main SSH connection. Thanks to this new connection, myserver is able to communicate with mynuc or any other device accessible from mynuc such as mynas.

To establish a reverse connection I have to use the -R option: ssh ]hostname

Here is the refined documentation about the -R option:

-R port:host:hostport

Specifies that connections to the given TCP port or Unix socket on the remote (server) host (here `myserver`) are to be forwarded to the local side (**mynuc** or **mynas**). This works by allocating a socket to listen to either a TCP port or to a Unix socket on the remote side. Whenever a connection is made to this port or Unix socket, the connection is forwarded over the secure channel, and a connection is made from the local machine to either an explicit destination specified by host port hostport, or

In my case, I want myserver to reach mynas. The issue is, the NAS operating system was botched and I can only log in as an administrator with SSH. If I run the reverse tunnel command from my NAS, I am giving admin privileges to myserver. To work around this issue, I can execute the command from mynuc.

The above command can be translated into plain English as: "Establish an SSH connection to myserver. Then, every connection on myserver targeting the port 33333 should be redirected to mynas on port 12000".

In a nutshell, I established a remote port forwarding from :33333 to mynas:12000.

On mynuc, I run the command to establish the port forwarding.

On any device, I establish an SSH connection with the server: ssh.