Home / ubuntu / Questions / 15716
Accepted
nixnotwin
Asked: 2010-12-02 08:15:45 +0800 CST

ssh without opening the ports

  • 772

I usually provide solutions for my friends for fixing issues on their ubuntu machines. Most of them use shared internet connection over LAN where they cannot open ports for allowing me access their machines over ssh. Is it possible to ssh into a machine without opening ports. For example services like Teamviewer allow users to just accept a connection request from outside, and if the owner of the machine permits, then the machine can be used by authenticated users. So, similarly, if the owner of the machine permits, with some kind of authentication, one should be able to get ssh access to a machine without opening the ports on the NAT router.

ssh

5 Answers

  1. Best Answer

    You can do this over Empathy's backend (telepathy) through another application called ssh-contact.

    I haven't used it personally, but it seems to me like a good way of getting two novices to SSH into each other.

    Of course another method would be to have them SSH to you (I assume you're competent enough to manage your port forwarding) and forward a port back to a ssh server on their machine.

    Get them to run:

    ssh -R 48724:localhost:22 your_username@your_ip

    You obviously might not want them logging in as your user so you could create another user and have that just for SSHing. There obviously has to be a modicum of trust between you and the other user.

    And then you run:

    ssh -p 48724 their_username@localhost

    I'm using a high port so root privileges aren't required.

    Of course, they'll need openssh-server installed for you to connect but that's a simple sudo apt-get install openssh-server

    • 10

  2. Perhaps this article about reverse SSH tunnel could be of some help to you:

    http://www.marksanborn.net/howto/bypass-firewall-and-nat-with-reverse-ssh-tunnel/

    • 4

  3. Any incoming connection by any means whatsoever will require opening a port. There's just no other way to make a network connection. If there is no existing port you can use, then you can't simply go that direction.

    But you can go the other way. If you have your friend open an ssh connection to your machine, and port forward the ssh port, then you can ssh back through his tunnel to his machine. This gives you an ssh connection to his machine that will only survive as long as his ssh to you, (complete with port forwarding), remains.

    This method also ducks firewalls.

    • 2

  4. You can use a tool called Ngrok. It's very easy to set up and configure.

    ngrok is able to bypass NAT Mapping and firewall restrictions by creating a long-lived TCP tunnel from a randomly generated subdomain on ngrok.com (e.g. 3gf892ks.ngrok.com) to the local machine.

    After specifying the port that your web server listens on, the ngrok client program initiates a secure connection to the ngrok server and then anyone can make requests to your local server with the unique ngrok tunnel address. The ngrok developer's guide contains more detailed information on how it works.

    Check out this Article - Remote access without port forwarding.

    • 0

  5. With straight-up ssh this is not possible. However, there is likely some other tool that would accomplish what you are trying to do.

    • -4