SSH Reverse Tunnel Server Configuration

In some network environments, the Fudo Enterprise system may not have direct access to the target server due to:

  • Firewall restrictions

  • Network segmentation

  • Server located in a private network

In such cases, you can use a jump host (intermediate server) that has access to both the Fudo Enterprise system and the target server.

Note

The jump host acts as an intermediary, establishing an SSH reverse tunnel between the Fudo Enterprise system and the target server.

Requirements

  1. Jump host with access to Fudo Enterprise system and target server.

  2. SSH client installed on the jump host.

  3. Ability to execute SSH commands on the jump host.

Preparing SSH Keys on Jump Host

  1. On the jump host, generate an SSH key pair (if it doesn’t exist):

ssh-keygen -t rsa -b 4096 -f ~/.ssh/fudo_jumphost

  2. Copy the contents of the public key:

cat ~/.ssh/fudo_jumphost.pub

Creating a Server with SSH Tunnel Option

  1. From the left menu, select Session Management > Servers and click Add server.

  2. Enter a name (e.g., Jump_Server_Target).

  3. In the SETTINGS tab, choose the appropriate protocol for the target server (e.g., SSH).

  4. Check the Use SSH tunnel option.

  5. In the SSH tunnel key field, paste the SSH public key from the jump host.

  6. Click Save.

Getting the SSH Command

After saving the server configuration, the Fudo Enterprise system will generate an SSH command to execute on the jump host.


Example generated command:

ssh -l tunnel -p 65522 -o ExitOnForwardFailure=yes -N -f -R /tunnel/8754997675608244234:<target>:<port> 10.31.135.179

where you need to replace:

  • <target> - with the IP address of the target server

  • <port> - with the port of the target server

Establishing the Tunnel

Execute the command generated by the Fudo Enterprise system on the jump host, substituting the actual values:

ssh -l tunnel -p 65522 -o ExitOnForwardFailure=yes -N -f -R /tunnel/8754997675608244234:192.168.1.100:22 10.31.135.179

where:

  • 192.168.1.100:22 - address and port of the target server

  • 10.31.135.179 - address of the Fudo Enterprise system

Command parameters explanation:

  • -l tunnel - tunnel username

  • -p 65522 - Fudo Enterprise system port for tunnels

  • -o ExitOnForwardFailure=yes - exit if port forwarding fails

  • -N - do not execute remote commands

  • -f - run in background

  • -R /tunnel/ID:target:port - create reverse tunnel
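
The substitution step above, as an added example (not part of the Fudo documentation or product): a POSIX shell helper that validates the target address and port before filling them into the generated command, and passes the key created earlier with -i, because ssh does not pick up a key file with a non-default name such as ~/.ssh/fudo_jumphost unless told to. The function name build_tunnel_cmd is hypothetical, and the template is the example command from this page.

```shell
#!/bin/sh
# Added example (not Fudo code). build_tunnel_cmd is a hypothetical helper.
# TEMPLATE is the example command shown on this page; paste your own here.
TEMPLATE='ssh -l tunnel -p 65522 -o ExitOnForwardFailure=yes -N -f -R /tunnel/8754997675608244234:<target>:<port> 10.31.135.179'

# build_tunnel_cmd TEMPLATE TARGET PORT KEYFILE
# Prints the completed command on stdout; returns 1 on invalid input.
# Assumes KEYFILE contains no whitespace.
build_tunnel_cmd() {
    tmpl=$1 target=$2 port=$3 key=$4

    # The template must be an ssh command that still has both placeholders.
    case $tmpl in
        'ssh '*'<target>'*'<port>'*) ;;
        *) echo "template is not an unfilled ssh tunnel command" >&2; return 1 ;;
    esac

    # Target: IPv4 address or hostname characters only, never option-like,
    # so the value cannot add options or shell syntax to the command.
    case $target in
        ''|-*|*[!A-Za-z0-9.-]*) echo "invalid target: $target" >&2; return 1 ;;
    esac

    # Port: 1 to 5 decimal digits in the range 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # Validated values contain no sed metacharacters, so plain substitution is safe.
    cmd=$(printf '%s\n' "$tmpl" | sed -e "s/<target>/$target/" -e "s/<port>/$port/")

    # Offer only the dedicated tunnel key rather than whatever an agent holds.
    printf 'ssh -i %s -o IdentitiesOnly=yes %s\n' "$key" "${cmd#ssh }"
}

# Print the command for the page's example target; review it, then run it.
build_tunnel_cmd "$TEMPLATE" 192.168.1.100 22 "$HOME/.ssh/fudo_jumphost"
```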
