Search code examples
gosshproxyreverse-proxysocks

SSH Reverse Tunnel with GO

I am trying to write a server / client that can help get around Firewalls / Nat Issues.

I noticed SSH has built into support for doing this already. (http://rustyrazorblade.com/2010/03/ssh-reverse-tunnel-to-access-box-behind-firewall/)

I tried a few different SSH examples and none seem to be working. I found one project that says it implemented the Remote Port Fowarding -> https://godoc.org/dev.justinjudd.org/justin/easyssh

The Server says it is Listening for connections but I am unable to SSH from Server Machine To Client Machine. (ssh localhost 8080 on remote machine should forward to client machine.

Client ->

package main

import (
  "log"

  "dev.justinjudd.org/justin/easyssh"
  "golang.org/x/crypto/ssh"
)

func main() {
  config := &ssh.ClientConfig{
    User: "test",
    Auth: []ssh.AuthMethod{
      ssh.Password("test"),
    },
  }


  conn, err := easyssh.Dial("tcp", "*SSH-SERVER*:22", config)
  if err != nil {
    log.Fatalf("unable to connect: %s", err)
  }
  defer conn.Close()

  err = conn.RemoteForward("0.0.0.0:8080", "127.0.0.1:22")
  if err != nil {
    log.Fatalf("unable to forward local port: %s", err)
  }

}

Server ->

package main

import (
  "fmt"
  "io/ioutil"
  "log"

  "dev.justinjudd.org/justin/easyssh"

  "golang.org/x/crypto/ssh"
)

func main() {

  privateBytes, err := ioutil.ReadFile("id_rsa")
  if err != nil {
    log.Fatal("Failed to load private key (./id_rsa)")
  }

  private, err := ssh.ParsePrivateKey(privateBytes)
  if err != nil {
    log.Fatal("Failed to parse private key")
  }

  config := &ssh.ServerConfig{
    PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
      if c.User() == "test" && string(pass) == "test" {
        log.Printf("User logged in: %s", c.User())
        return nil, nil
      }
      return nil, fmt.Errorf("password rejected for %s", c.User())
    },
  }
  config.AddHostKey(private)


  easyssh.HandleChannel(easyssh.SessionRequest, easyssh.SessionHandler())
  easyssh.HandleChannel(easyssh.DirectForwardRequest, easyssh.DirectPortForwardHandler())
  easyssh.HandleRequestFunc(easyssh.RemoteForwardRequest, easyssh.TCPIPForwardRequest)

  easyssh.ListenAndServe(":22", config, nil)
}
Solution

  • I'm not sure that you understand how SSH tunneling works looking on your code.

    You need to have SSH connectivity to the remote (server). Then you setup SSH tunnel so local TCP:8080 port will be forwarded to the remote server TCP:8080 port using SSH connection. Actual 8080 port can be closed via firewall.

    Can you connect from your client to your server with SSH?

    You need to check localhost:8080 port and you need to be sure that your server 8080 port is listened by some application too.

    Take a look here for some examples and theory.