Reverse SSH Tunnel Tool revtun


Going through firewalls in unplanned ways will save your sleep, your sanity, gas money, Earth from warming up more, your hair, your life ... whatever.

Here is a little building block that can be used for setting up reverse SSH tunnels. It is just a few lines of Expect that I had to put together a while ago and named revtun.

#!/usr/bin/expect -f
#Author: g0 2010 , kod.ipduh.com
#License:Same as Expect - Public Domain
#revtun sets up a reverse ssh tunnel
#ssh example: ssh -R 1025:localhost:22 -p 443 user@192.0.2.123 -fN
#Hardcode the arguments or pass them in this order on the command line
#eg:$revtun 1025 22 443 user 192.0.2.123 password http://kod.ipduh.com
#Note: a password passed on the command line is visible to other local users in the process list

set remoteport "1025"
set localport "22"
set port "443"
set user "user"
set host "192.0.2.123"
set password "password"
set report_to "http://kod.ipduh.com" 

if {$argc > 0} { set remoteport [lindex $argv 0] }
if {$argc > 1} { set localport [lindex $argv 1] }
if {$argc > 2} { set port [lindex $argv 2] }
if {$argc > 3} { set user [lindex $argv 3] }
if {$argc > 4} { set host [lindex $argv 4] }
if {$argc > 5} { set password [lindex $argv 5] }
if {$argc > 6} { set report_to [lindex $argv 6] }

set message "m"

set timeout 10
set pid [spawn ssh -R $remoteport:localhost:$localport -p $port -l $user $host -fN]
while {1} {

        expect -nocase -re ".*yes/no?.*" {
                #Unknown host key prompt: answering yes accepts the key without verifying it
                send "yes\r"
        } -nocase -re "password*" {
                send -- "$password\r\n"
                #send -- "\n"
        } -re "(%|\\\$|#) " {
                set message "$message-prompt"
                break
        } eof {
                set message "$message-eof"
                break
        } -re "incorrect|invalid" {
                set message "$message-incorrect"
                break
        } -nocase -re ".*Warning.*" {
                set message "$message-warning"
                break
        } timeout {
                set message "$message-timeout"
                break
        }

}

#Report the name of the local user and the outcome string to the report_to URI
set user "$env(USER)"
exec curl $report_to?$user-$message --silent >/dev/null


revtun may be used as a tool by other programs or in emergencies, e.g. having a Level 1 technician download it (with all the variables hard-coded) and run it for you behind firewalls.

Usage example:
usar@host_behind_FW$ ./revtun 
OR
usar@host_behind_FW$ ./revtun 1025 22 443 user 192.0.2.123 password http://kod.ipduh.com
This will set up a reverse SSH tunnel from the host host_behind_FW to the host at 192.0.2.123 for the user user. The SSH daemon at 192.0.2.123 listens on port 443. The URI http://kod.ipduh.com receives the outcome of the ssh spawn and the name of the user who ran revtun.

Now, to log in to the host behind the firewall from 192.0.2.123:
user@192.0.2.123$ ssh -p 1025 usar@localhost


Another way of using revtun is from within programs, e.g.:
if( shit_hit_the_fun() )
{
    logit($error);
    email_poor_sysadmin($error);
    #list form of system() skips the shell, so a password with spaces or metacharacters is passed intact
    system("revtun", $PPORT, $BFWPORT, $SSHPORT, $ME, $PHOST, $PSWD, $URI);
    #system("revtun 1025 22 443 user 192.0.2.123 password http://kod.ipduh.com");
    report_status();
    exit 0;
}
I recommend using revtun as a last resort, though, and not making it standard practice. For example, the shit_hit_the_fun() function above is true if all VPNs are down, all the safe bridging boxes are inaccessible, and the NOC is being bombarded.
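
Because revtun leaves an `ssh -R ... -fN` process running in the background, whoever owns the host may want to know when such a tunnel is up. The following is an added example, not part of the original revtun post: it walks process argument lists the way ssh parses them (clustered flags, attached values, options after the destination, `-o RemoteForward`) and reports the remote forwards it finds. The function names and the sample process table are constructed for illustration.

```python
# ssh(1) options that take a value, attached ("-p443") or as the next word.
TAKES_VALUE = set("BbcDEeFIiJLlmOoPpQRSWw")

def reverse_forwards(argv):
    """Return every remote-forward spec (-R or -o RemoteForward) in an ssh argv."""
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return []
    specs, seen_host, i = [], False, 1
    while i < len(argv):
        word = argv[i]
        i += 1
        if not word.startswith("-") or word == "-":
            if seen_host:
                break              # second bare word starts the remote command
            seen_host = True       # ssh keeps parsing options after the destination
            continue
        flags = word[1:]
        for pos, flag in enumerate(flags):
            if flag not in TAKES_VALUE:
                continue           # boolean flag such as -f or -N
            value = flags[pos + 1:]
            if not value and i < len(argv):
                value, i = argv[i], i + 1
            if flag == "R":
                specs.append(value)
            elif flag == "o":
                key, _, rest = value.replace("=", " ", 1).partition(" ")
                if key.lower() == "remoteforward":
                    specs.append(rest.strip())
            break                  # the value used up the rest of this word
    return specs

def flag_tunnels(procs):
    """procs maps pid -> argv list; return {pid: specs} for processes holding a reverse tunnel."""
    return {pid: s for pid, argv in procs.items() if (s := reverse_forwards(argv))}

# Constructed sample: argv lists as read from /proc/<pid>/cmdline (NUL-separated).
SAMPLE = {
    4101: ["ssh", "-R", "1025:localhost:22", "-p", "443", "-l", "user", "192.0.2.123", "-fN"],
    4102: ["/usr/bin/ssh", "-fNR1025:localhost:22", "-p443", "user@192.0.2.123"],
    4103: ["ssh", "-o", "RemoteForward=1025 localhost:22", "user@192.0.2.123", "-N"],
    4104: ["ssh", "-L", "8080:localhost:80", "user@192.0.2.123"],       # local forward only
    4105: ["ssh", "user@192.0.2.123", "grep", "-R", "todo", "/srv"],    # -R belongs to grep
}

if __name__ == "__main__":
    for pid, specs in flag_tunnels(SAMPLE).items():
        print(pid, specs)
```

Process 4101 is the exact command line revtun spawns with its default values; a plain text search for "-R" would miss 4102 and 4103 and would wrongly flag 4105.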




