5

I have a server and a remote computer. Now I want to access the remote computer via SSH but it is possible that it is behind a NAT. That's one of the reasons I want a reverse SSH connection.

The idea is to establish a connection from the remote computer to the server and use this connection to communicate via SSH from the server to the remote computer.

With OpenSSH this is quite easy. From the remote computer I open the reverse SSH tunnel:

ssh -R 19999:localhost:22 [email protected]

Now I can use this from the server side with:

ssh localhost -p 19999

I want to achieve the same behavior with a go application and the go SSH library on the remote computer. The server will still use OpenSSH so it should not be changed.

I know how to connect to a computer via SSH from go but how can the reverse part be achieved?

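package main

import "golang.org/x/crypto/ssh"

func main() {
    config := &ssh.ClientConfig{
        User: "vagrant",
        Auth: []ssh.AuthMethod{
            ssh.Password("vagrant"),
        },
        // Current x/crypto/ssh requires a HostKeyCallback. Test VM only:
        // pin the server key with ssh.FixedHostKey or knownhosts otherwise.
        HostKeyCallback: ssh.InsecureIgnoreHostKey(),
    }

    // Outbound connection from the remote computer to the server.
    conn, err := ssh.Dial("tcp", "192.168.0.10:22", config)
    if err != nil {
        panic("Failed to dial: " + err.Error())
    }
    defer conn.Close()
}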

2 Answers

3

I found a solution. OpenSSH returns a terminal session or the output of a command if you supply one. Furthermore it allows you to authenticate the connection from the server to the client over the open tunnel.

To support this behavior I needed to supply the listener of the open connection to an SSH server implemented in Go on the remote side. More complicated than I thought but it works.

I got a working example server here. I just need to exchange the listener in the example code for a listener on the client connection.


1 Comment

Hey, I tried your server_complex.go, it does not work, I get the error:

2016/11/21 16:56:04 new ssh connection from 193.40.242.84:53374 (SSH-2.0-Go)
2016/11/21 16:56:04 recieved out-of-band request: &{Type:tcpip-forward WantReply:true Payload:[0 0 0 7 48 46 48 46 48 46 48 0 0 85 241] ch:<nil> mux:0x105675c0}

2

You use Client.Listen (or Client.ListenTCP) to set up the forwarding port on the server.

You can then accept connections from the returned listener just as you would any other network listener.
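
An added example (not code from either answer or from the Go SSH library) of the accept-and-forward loop that runs on the listener once Client.Listen has returned it. The names `forward` and `bridge` are hypothetical, and `main` uses a plain loopback listener as a stand-in for the SSH one so the block runs without a server.

```go
package main

import (
	"io"
	"log"
	"net"
)

// forward accepts connections on ln and bridges each one to target.
// In the reverse tunnel, ln is the listener returned by
// client.Listen("tcp", "localhost:19999") on the *ssh.Client and target is
// "localhost:22", which matches `ssh -R 19999:localhost:22`.
func forward(ln net.Listener, target string) error {
	for {
		remote, err := ln.Accept()
		if err != nil {
			return err // listener closed or SSH connection lost
		}
		go bridge(remote, target)
	}
}

// bridge copies bytes in both directions until either side closes.
func bridge(remote net.Conn, target string) {
	defer remote.Close()
	local, err := net.Dial("tcp", target)
	if err != nil {
		log.Printf("dial %s: %v", target, err) // keep accepting other connections
		return
	}
	defer local.Close()
	done := make(chan struct{}, 2)
	go func() { io.Copy(local, remote); done <- struct{}{} }()
	go func() { io.Copy(remote, local); done <- struct{}{} }()
	<-done // one direction ended; the deferred Closes stop the other
}

func main() {
	// Assumption: a plain loopback listener stands in for the SSH one so the
	// block runs without a server. Binding to localhost (here and in
	// client.Listen) keeps the forwarded port off external interfaces.
	ln, err := net.Listen("tcp", "127.0.0.1:19999")
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(forward(ln, "localhost:22"))
}
```

When `forward` returns, the listener or the underlying SSH connection is gone, so a long-running client should redial and call Client.Listen again.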
