Reverse SSH Tunnel

Captions
Welcome to Crosstalk Solutions. My name is Chris, and today we're going to talk about a fun little trick that I like to use when I need to access devices on a remote network that I don't have actual access to. Okay, so this is a reverse SSH tunnel. Now, there may be a more accurate name or a more common name for what I'm about to do, but I've always known it as a reverse SSH tunnel, and so let's hop right into it, and I'm going to show you what I'm trying to do and what the heck I'm talking about here.

Okay, so let's take a look at this diagram right here. So here I am: this is my computer on my local LAN. I'm at 192 168 204 in a /24 network. Now, up here we have Crosstalk CRM server. This is a cloud-hosted system, and we have a centralized CRM that all of our FreePBX client servers check in to. Okay, so the servers are checking in with that CRM every so often, and if we ever need to access a customer's FreePBX system, we simply tick a box in the CRM, and then the next time that FreePBX checks in, it sees that that box has been ticked and it says, "Oh, they want to access me, I'm going to open up a secure VPN tunnel out to that CRM system."

So here we have a FreePBX over here; it's at 192.168.1.200. Let's say that I've ticked that box, and now that FreePBX is VPN'd into the Crosstalk CRM server. So I'm VPN'd in as 172.16.128.106, which is a /21 network. The FreePBX is VPN'd in to that same network as 172.16.129.26. Now, at this point I have full access to the FreePBX. I am VPN'd right in there, so I can go, I can go in with SSH, I can open up the web GUI, everything works great.

But look down here: I've got this Cisco SPA112, and this is a device that I need to configure for this customer, and I cannot configure this device via SSH. If I could, from the FreePBX I could just SSH across, since I'm already into the FreePBX, but I actually need to get to the GUI interface of this Cisco SPA112 in order to configure it. So the Cisco SPA112 isn't VPN'd into my server, so how do I do that? How do I bring up a graphical user interface for a device, whether it's the Cisco SPA, whether it's one of the phones on that network, or maybe even that customer's firewall, like the LAN interface of their firewall, so that I can change some firewall settings? How do I do that? Well, we do that with a reverse SSH tunnel.

Okay, so let's show you how it works, and it's a little bit confusing, so I'm going to try to explain it as clearly as possible, but you might want to re-watch this a few times to see how it works exactly. Okay, so the first thing we need to do is PuTTY into, or SSH into, the FreePBX on the remote side. So here we have PuTTY. The IP address of the FreePBX that I want to remote into is 172.16.129.26, and we're just going over straight regular port 22. Now, before I hit connect, though, I want to come down here to SSH and I want to click on Tunnels. So we're going to add a new forwarded port, and the source port, this can be arbitrary, right? Any port that you possibly want to put in here, you can put in here. In my case I like to use 5432; it's just easy for me to remember. And then you want to click on Dynamic. We're not putting a destination into this box right here; this is normally where you might want to put an IP address or something. We're going to go ahead and say Add, and now we're going to connect into their server.

So here we are. I'm going to log in as root. Okay, there we go, so I am now logged into that server as root. If I ping the Cisco SPA112, ping 192.168.1.35, I can ping it from here, but again, I can't SSH to it and I can't open up the GUI for that port. So how do we do that? Well, the next thing we need to do is set up our browser to use port 5432 as a proxy.

Okay, so here we are. I brought up a second browser. I like to use Firefox for this. I use Chrome as my default browser, but whenever I need to do a reverse SSH tunnel, I set up Firefox for the actual tunnel into that customer's network. So come over here to Settings or Options. You want to click on Advanced and then click on Network. Now, under Network you see Connection, "Configure how Firefox connects to the Internet". We're going to click Settings, and instead of "Use system proxy settings", which is the default, we're going to do a manual proxy configuration, and we're setting up a SOCKS host of 127.0.0.1 on port 5432.

Okay, so where did we come up with that, right? That was from PuTTY. So remember, we went to PuTTY and we put in a tunnel at port 5432. That was a dynamic tunnel. So what we've done is we've essentially said, if you go to port 5432 on localhost address 127.0.0.1, that is going to tunnel into the SSH connection that we connected to, so in this case it's my customer's server. So again, let's take a look at the Visio. We're SSH'd into this server with PuTTY, and PuTTY has a dynamic port forwarding at port 5432, to basically anything that I want in here, and now I am setting up Firefox to utilize port 5432 on 127.0.0.1, that was set up by PuTTY, for all of its Internet activity. Okay, so if I click OK, even if I go to google.com, I'm now surfing through that customer's network, right? So I should at this point be able to put in http://192.168.1.35 and bring up the interface of the Cisco SPA.

Okay, so I hope that wasn't too confusing. It's a very, very handy tool to use if you are remote administering a customer's network. Also, for anyone out there that administers multiple FreePBX systems, we do sell the Crosstalk CRM platform, which allows you to have this special setup where you can just tick a box and have your remote customer server FreePBX systems VPN into a central location so that you can access them from anywhere. This is how we are able to administer FreePBX systems all over the country, and theoretically all over the world if we wanted to, very, very easily. So yeah, it works very, very well, and it's an invaluable tool that we absolutely can't live without these days. So if you are an MSP and you're looking to administer a bunch of FreePBX boxes, hit us up and we'll give you information on how you can install this type of thing yourself.

Okay, so that does it. I hope you guys enjoyed this video. If you did enjoy this video, please give me a thumbs up. If you'd like to see more videos like this, please click subscribe. Thank you so much for watching.
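
Added example, not part of the video or its transcript: the OpenSSH command-line equivalent of the PuTTY dynamic forward described above, with a check that the SOCKS listener on port 5432 is bound to loopback only, so other hosts on the administrator's LAN cannot route through the customer network. The host, user and port are the ones spoken in the video; the function names and the sample `ss -ltn` output are constructed for illustration, and `ss` assumes a Linux workstation.

```bash
#!/bin/sh
# Added example (not from the video). Values below are the ones the speaker uses.
PBX_HOST="172.16.129.26"   # FreePBX address on the VPN
SOCKS_PORT=5432            # arbitrary local port chosen in the video

# Print the OpenSSH equivalent of PuTTY's "Dynamic" forwarded port.
#   -D 127.0.0.1:PORT            SOCKS listener bound to loopback only
#   -N                           tunnel only, no remote shell
#   -o ExitOnForwardFailure=yes  abort if the listener cannot be bound
# It is printed rather than executed so it can be reviewed before use.
tunnel_cmd() {
  printf 'ssh -N -D 127.0.0.1:%s -o ExitOnForwardFailure=yes root@%s\n' \
    "$SOCKS_PORT" "$PBX_HOST"
}

# Read `ss -ltn` output on stdin and classify the listener on port $1.
# Prints: loopback (only 127.0.0.1 / [::1]), exposed (any other bind), absent.
listener_scope() {
  awk -v p="$1" '
    $1 == "LISTEN" {
      n = split($4, part, ":")          # port is the last colon-separated field
      if (part[n] != p) next
      addr = substr($4, 1, length($4) - length(part[n]) - 1)
      found = 1
      if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
    }
    END { print (!found ? "absent" : (exposed ? "exposed" : "loopback")) }'
}

# Constructed sample of `ss -ltn` output while the tunnel is up.
sample_ss_output() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
EOF
}

tunnel_cmd
echo "sample listener scope: $(sample_ss_output | listener_scope "$SOCKS_PORT")"
# Live check on the workstation:   ss -ltn | listener_scope 5432
# Test the proxy without a browser:
#   curl --socks5-hostname 127.0.0.1:5432 http://192.168.1.35/
```

An "exposed" result means the listener accepts connections from other hosts, which is what PuTTY's "Local ports accept connections from other hosts" option or an `ssh -D` without a loopback bind address combined with `GatewayPorts` produces. Close the SSH session when the work is finished so the proxy into the customer network does not stay open.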
Info
Channel: Crosstalk Solutions
Views: 46,329
Rating: 4.7104073 out of 5
Keywords: vpn, remote vpn, vpn proxy, reverse ssh, ssh tunnel
Id: aOmIqUs0fbY
Length: 7min 39sec (459 seconds)
Published: Tue Aug 01 2017