SSH Reverse Tunnel – Self-Healing

Reverse tunneling is a big security issue, but sometimes you need it anyway. Please be very careful!

In my case I wanted to test an ELK setup with real data. My filebeats were installed behind a firewall that allowed connections from the logstash server to the filebeat server only. The other direction was blocked.

There are probably many approaches to configure a reverse tunnel. I tried a few and ended up with the following:

I ran the following command inside a screen session or as a nohup process:

while true; do ssh -R 11514:localhost:1514 root@192.168.1.100 'while true; do date; sleep 15; done'; sleep 5; done

This command starts two infinite loops. The first one runs locally on the logstash server. The second runs remotely on the filebeat server. The remote loop ensures that the tunnel stays alive, because some firewalls keep terminating idle connections. Additionally, you can immediately see whether the tunnel is still alive. The local loop reconnects to the remote server whenever the connection fails.

Note: This command requires authorized ssh keys to work. But you probably realized that already.

I like this solution very much because it heals itself even in very unstable networks.
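A hardened variant of the same reconnect loop, as an added example (not the command from this post): it forwards the port without opening a remote shell, uses SSH keepalives instead of the remote `date` loop, and exits when the forward cannot be established so the loop retries. The unprivileged account `tunnel`, the key path, and all variable and function names are assumptions.

```shell
#!/bin/sh
# Added example: hardened reconnect loop for the reverse tunnel.
# Assumptions (not from the post): unprivileged account "tunnel", the key
# path, and all variable/function names. On the remote side the key can be
# limited in authorized_keys with OpenSSH options such as:
#   restrict,port-forwarding,permitlisten="localhost:11514" ssh-ed25519 <key>
TUNNEL_TARGET="${TUNNEL_TARGET:-tunnel@192.168.1.100}"
TUNNEL_SPEC="${TUNNEL_SPEC:-11514:localhost:1514}"
TUNNEL_KEY="${TUNNEL_KEY:-/etc/tunnel/id_ed25519}"
SSH_BIN="${SSH_BIN:-ssh}"
RETRY_DELAY="${RETRY_DELAY:-5}"

start_tunnel() {
    # -N: forward only, no remote shell or command.
    # BatchMode: never prompt; fail fast if the key is not accepted.
    # ExitOnForwardFailure: exit if port 11514 cannot be bound remotely,
    #   instead of holding a session with no tunnel.
    # ServerAlive*: encrypted keepalives replace the remote "date" loop and
    #   drop a dead connection after about 45 seconds.
    # StrictHostKeyChecking=yes: host key must already be in known_hosts.
    "$SSH_BIN" -N -i "$TUNNEL_KEY" \
        -o BatchMode=yes \
        -o IdentitiesOnly=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=15 \
        -o ServerAliveCountMax=3 \
        -o StrictHostKeyChecking=yes \
        -R "$TUNNEL_SPEC" "$TUNNEL_TARGET"
}

tunnel_loop() {
    # $1 = maximum number of attempts; 0 (default) means retry forever.
    max="${1:-0}"
    attempts=0
    while [ "$max" -eq 0 ] || [ "$attempts" -lt "$max" ]; do
        attempts=$((attempts + 1))
        status=0
        start_tunnel || status=$?
        echo "$(date) ssh exited with status $status (attempt $attempts)" >&2
        sleep "$RETRY_DELAY"
    done
    TUNNEL_ATTEMPTS=$attempts
}

# Run the loop only when invoked as: ./tunnel.sh run
if [ "${1:-}" = "run" ]; then
    tunnel_loop 0
fi
```

The timestamped line on stderr takes over the "is it still alive" role of the remote `date` output: a new line appears only when the connection has dropped and a reconnect is about to happen.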

That’s IT
