Using an SSH Connection to Provide Remote Support (Part I)

Last week, at the ALE meeting, a question came up about using SSH to provide remote support for someone who is not especially Linux-literate.  I suggested using an SSH reverse tunnel so the end-user wouldn't need to worry about firewalls, NAT, etc.

Thinking about the problem, I realize that it's a little more complicated than that.  So in Part I, I'm going to discuss the general solution and the approach to the problem.  In Part II, I'll present a more comprehensive solution that will (I think) scale better.

Let's first talk about reverse SSH tunnels.  These tunnels allow a data stream to be carried across the SSH connection in reverse -- that is, from the server to the client.  This is useful for getting back in past a firewall/NAT router/etc. without needing to make configuration changes.

The Basic Premise

First off, let's be clear on the terminology we'll be using.  The "client machine" is the machine being used by the person receiving support.  The "server" is a machine under the control of the person providing the support.

Server Setup

Client Setup

The Script

Place this script, marked executable, on the user's desktop. Double-clicking it opens the reverse tunnel that lets a support connection in.

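    #!/bin/bash

    # Open a reverse tunnel: port 2222 on the support server forwards to this machine's sshd (port 22).
    # -N runs no remote command. The key path is absolute so the script works when launched from the desktop.
    ssh -N -R 2222:localhost:22 -i "$HOME/.ssh/support.key" support@supporthost.example.com &

    # Printed as soon as ssh starts in the background, before the tunnel is confirmed.
    echo "Support connection ready!"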

Finally

After the script is run, you can run ssh -p 2222 support@localhost on the server to connect to their machine via the reverse SSH tunnel.
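
The script leaves support.key on the end-user's machine, so the authorized_keys entry for that key on the server decides what anyone holding the file can do there. The following is an added example, not code from the original post: it audits such an entry against OpenSSH's restrict, port-forwarding, permitlisten and command options. The function names and the policy of requiring a forced command are assumptions.

```sh
#!/bin/sh
# Added example: audit the server's authorized_keys line for the support key.
# Function names are hypothetical helpers, not part of OpenSSH.

# Print the options field one option per line. Splits on commas and stops at
# the first space, both only outside double quotes (backslash escapes are not
# handled). Prints nothing if the line starts with a key type (no options).
support_key_options() (
    rest=$1 inq=0 tok=
    case $rest in ssh-*|ecdsa-*|sk-*) exit 0 ;; esac
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}; rest=${rest#?}        # peel off first character
        if [ "$c" = '"' ]; then inq=$((1 - inq)); fi
        if [ "$inq" -eq 0 ] && [ "$c" = " " ]; then break; fi
        if [ "$inq" -eq 0 ] && [ "$c" = "," ]; then
            printf '%s\n' "$tok"; tok=; continue
        fi
        tok=$tok$c
    done
    printf '%s\n' "$tok"
)

# Succeed only if the key is confined to the reverse forward the client
# script opens: restricted, forwarding re-enabled, one listen port, forced
# command, and nothing that hands back a PTY or agent/X11 forwarding.
check_support_key_line() (
    port=$2 restrict=0 fwd=0 listen=0 cmd=0 unsafe=0
    opts=$(support_key_options "$1")
    while IFS= read -r o; do
        case $o in
            restrict) restrict=1 ;;
            port-forwarding) fwd=1 ;;
            # ssh requests listen host "localhost" when -R has no bind address
            "permitlisten=\"localhost:$port\""|"permitlisten=\"$port\"") listen=1 ;;
            command=*) cmd=1 ;;
            permitlisten=*|pty|agent-forwarding|X11-forwarding|user-rc) unsafe=1 ;;
        esac
    done <<EOF
$opts
EOF
    echo "restrict=$restrict port-forwarding=$fwd permitlisten=$listen command=$cmd unsafe=$unsafe"
    [ "$restrict$fwd$listen$cmd$unsafe" = 11110 ]
)

# Usage: sh audit.sh 'one authorized_keys line' 2222
if [ $# -eq 2 ]; then check_support_key_line "$1" "$2"; fi
```

A line that passes still lets the key holder open the listener on port 2222, which is exactly what the client script needs and nothing more.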

In the next part, we'll talk about a script to generate most of this for us and make it much easier to set up.