# Reverse SSH Questions



## AJ-BSD (Feb 21, 2014)

Hello everyone!

I have a couple of 'reverse ssh' questions... and although not FreeBSD (or *BSD) specific, to be honest, this forum is my go-to place.
I always get helpful answers and discussions here... and directed to the correct source of information if need be.

As you know, I am a n00b to all of this... so I am still learning.
I have been creating a reverse ssh tunnel for two days now... with mixed results.

My setup:
Small Raspberry Pi running Raspbian (Linux).
Web server running CentOS (Linux).
(_I would like to migrate everything to FreeBSD in the future... yet at the moment, if I attempt that, I will break it seriously_).

The list of processes that occur will be written below in a 'time line'.
Not sure if I am doing the correct things in the correct order!

0- Already created key files for the ssh connections, and positive I can ssh into the web server with the key file
1- from the rPi, I can manually create the reverse ssh tunnel with this line:
`ssh -N -R 1234:localhost:22 USER@webserver`

Once created, it works fine.
I can then ssh into the web server, and ssh back into the rPi with this line
`ssh -l USER -p 1234 localhost`

My problem arises when I leave the connection:
Leave it either:
0- not doing anything for hours
1- on the rPi, hit Ctrl-x and close that command off (the reverse ssh command)

Once either of those happens, if I log back into the web server, and try to connect to the rPi via
`ssh -l USER -p 1234 localhost`
It refuses the connection.

When I close the connection on the rPi with Ctrl-x, I understand.
Yet from not doing anything for hours... I would reckon it timed out.

What can I do to keep it alive?

Or any suggestions different altogether?
I am reading now into autossh, which looks promising.
And here is the page from where I started with this: Raspberry Pi: Phoning home using a reverse ssh tunnel


Thank you!!
AJ
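
Added example, not part of the original post: one way to keep the tunnel from the post above alive with OpenSSH's own keepalive options and a restart loop with backoff. `USER@webserver` and port 1234 are the post's values; the 30-second interval, the 5 to 300 second backoff and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not the poster's script). Timing values are assumptions.
REMOTE="${REMOTE:-USER@webserver}"
RPORT="${RPORT:-1234}"

# Echo the ssh command line for the reverse tunnel on remote port $1.
#  ServerAliveInterval/CountMax: probe the server every 30 s when idle and
#    exit after 3 missed replies, so a dead link is noticed within ~90 s.
#  ExitOnForwardFailure: exit if the remote port cannot be bound, instead of
#    staying connected with no tunnel.
#  BatchMode: never stop to ask for a password when run unattended.
tunnel_cmd() {
  echo "ssh -N -o ServerAliveInterval=30 -o ServerAliveCountMax=3" \
       "-o ExitOnForwardFailure=yes -o BatchMode=yes" \
       "-R ${1}:localhost:22 ${REMOTE}"
}

# Double the wait $1, capped at $2 seconds.
next_delay() {
  d=$(( $1 * 2 ))
  if [ "$d" -gt "$2" ]; then d=$2; fi
  echo "$d"
}

# Run the tunnel in the foreground and restart it whenever it exits.
keep_tunnel() {
  delay=5
  while :; do
    started=$(date +%s)
    rc=0
    $(tunnel_cmd "$RPORT") || rc=$?   # word splitting is intended here
    # A session that lasted over a minute was healthy: reset the backoff.
    if [ $(( $(date +%s) - started )) -gt 60 ]; then
      delay=5
    else
      delay=$(next_delay "$delay" 300)
    fi
    echo "tunnel exited (status $rc); retrying in ${delay}s" >&2
    sleep "$delay"
  done
}

# Only start the loop when called as: ./tunnel.sh run
if [ "${1:-}" = "run" ]; then keep_tunnel; fi
```

On the web server, `ClientAliveInterval` and `ClientAliveCountMax` in `sshd_config` do the same job from the other side: sshd drops a client that stops answering, which releases the forwarded port.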


----------



## AJ-BSD (Feb 21, 2014)

Additional Comments,
Guys, I will explain what I want to do... and maybe you can tell me a "best practice"?
Maybe I am doing something really wrong, or bone-headed... and there is a much better way.


Why Do I Want A Reverse SSH Tunnel
*Will be accessing various remote rPi via these tunnels*

I am going to set up various Raspberry Pis (rPis) in different geographic locations.
Whenever I want to change something inside the rPis, I want to have ssh access.
So I am programming the rPis to create a reverse ssh tunnel, and if down, keep it alive.
I do that "keep it alive" with the script attached below.
I truly don't need the rPis always online.
Just need them online when a change will be made.

Another setup I thought about was to have the rPis do a wget (curl?) every five minutes.
They wget a small text file on my server.
When I want to connect to an rPi, I place its "serial number" inside the text file.
All the rPis grab the text file... yet only the matching serial number rPi will execute the reverse ssh.
This way, I can drop the serial number inside the text file, wait 5-6 minutes, and then try and do the ssh tunnel into the rPi.

I like this setup better, as it doesn't have all those reverse ssh tunnels always online to my server.

What do you think?
Would you do it another way?
Am I complicating this a lot, and there is a better way?

Thank you very much for your help... I appreciate it a lot!

AJ

This script from the link in 1st post: Raspberry Pi: Phoning home using a reverse ssh tunnel

```
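#!/bin/bash
# Open the reverse tunnel: port 2222 on the server forwards to this host's sshd.
# ssh -N stays in the foreground, so this function returns only when ssh exits.
createTunnel() {
  /usr/bin/ssh -N -R 2222:localhost:22 serverUser@25.25.25.25
  rc=$?   # save ssh's exit status; the [[ ]] test below overwrites $?
  if [[ $rc -eq 0 ]]; then
    echo "Tunnel to jumpbox created successfully"
  else
    echo "An error occurred creating a tunnel to jumpbox. RC was $rc"
  fi
}
# Start a tunnel only if no ssh process is running.
# Note: pidof matches any ssh process, not just the tunnel.
/bin/pidof ssh
if [[ $? -ne 0 ]]; then
  echo "Creating new tunnel connection"
  createTunnel
fi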
```


----------



## tingo (Feb 23, 2014)

Is there a reason why you don't simply allow ssh access to the Pis?


----------



## AJ-BSD (Feb 23, 2014)

Hello @tingo,
Thanks for the reply!

Well, the rPis all do have ssh access allowed. Maybe I made a mess of my explanation above... so let me try and do it without the cruft:
Many of the rPis are behind networks that have internet access, yet I cannot go back INTO the network. Either because they don't have a static IP, or don't allow a dynamic dns service (like DynDNS.org), or because I cannot do port-forwarding.

That's why I want the rPis to connect to the outside (which they're able to do), and then create a reverse ssh tunnel back.


========
Now, a little bit off topic, and a little bit on-topic:
During this project, I have realized that apparently, what I'm trying to do is very useful for hacking activities. And although I had not thought about it this way, it's interesting. It is also interesting that the information is out there, yet all you have to do is piece it together (which I'm still in the process of doing).

========
As it stands right now, what I have resorted to doing (still coding the scripts) is the following:
All the rPis will do a `wget` for a small text file every 5 minutes. They will then check the content of that text file, which is a number. If that number matches their own serial number, they initiate the reverse SSH tunnel.

So, when I want to connect to one of the rPis, all I have to do is modify the text file residing on the webserver. I place the intended rPi's serial number in there... and within 5-6 minutes, that rPi should initiate a reverse SSH tunnel back to my server.

Now, it is very interesting that closing the connection on the rPi, I have to do a "timeout" or a kill. And, after talking on the irc #openssh, apparently, the only way to eliminate open reverse ssh tunnels server side, is to kill them! That to me was pretty interesting.

So I am scripting some stuff, which will periodically scrub the rPis and the server for open reverse ssh tunnels, and kill those PIDs.

I'll update how it goes.
Thanks for the reply @tingo!!
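
Added example, not part of the original post: a sketch of the five-minute poll described above, with strict validation of the fetched file and a hard limit on how long the tunnel stays open. The URL, the `SERIAL` variable, the 30-minute limit and the function names are assumptions; `USER@webserver` and port 1234 are taken from the first post.

```sh
#!/bin/sh
# Added example (not the poster's script). URL, SERIAL and limits are assumptions.
TRIGGER_URL="${TRIGGER_URL:-https://webserver.example/trigger.txt}"
SERIAL="${SERIAL:-12345}"             # this device's serial number
MAX_SESSION="${MAX_SESSION:-1800}"    # close the tunnel after 30 minutes

# Succeed only if the fetched text $1 is exactly one token equal to serial $2.
# Empty files, HTML error pages, extra lines or stray characters all mean "no",
# because this file decides whether the device opens a tunnel.
should_connect() {
  content=$(printf '%s' "$1" | tr -d '\r')   # tolerate CRLF line endings
  case $content in
    ''|*[!0-9A-Za-z]*) return 1 ;;   # empty, or anything besides letters/digits
  esac
  [ "$content" = "$2" ]
}

# One polling cycle, meant to be run from cron every five minutes.
poll_once() {
  # -f: treat HTTP errors as failure; a failed fetch means "do nothing".
  body=$(curl -fsS --max-time 20 "$TRIGGER_URL") || return 0
  if should_connect "$body" "$SERIAL"; then
    # timeout(1) ends ssh after MAX_SESSION seconds, which also ends the
    # server-side session and frees the forwarded port.
    timeout "$MAX_SESSION" ssh -N \
      -o ExitOnForwardFailure=yes -o BatchMode=yes \
      -R 1234:localhost:22 USER@webserver
  fi
}

# Only poll when called as: ./poll.sh run
if [ "${1:-}" = "run" ]; then poll_once; fi
```

If cron starts a second cycle while a tunnel is still open, `ExitOnForwardFailure=yes` makes the new ssh exit at once because the remote port is already bound.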


----------

