How to obtain access to your corporate LAN via reverse ssh tunnel to your home router


Requirements:

   - Asus WL500gP as home router
   - Firmware from oleg.wl500g.info
   - Real IP address from your ISP


---> On your home router:
   1. Connect to home router using telnet

      telnet router.domain.org

   2. Create required dir in the flashfs space using

      mkdir -p /usr/local/etc/dropbear

   3. Generate the DSS key by typing

      dropbearkey -t dss -f /usr/local/etc/dropbear/dropbear_dss_host_key

   4. Generate the RSA key by typing

      dropbearkey -t rsa -f /usr/local/etc/dropbear/dropbear_rsa_host_key

   5. Add lines to the startup scripts "post-boot" and "post-firewall":

      # you do not need to enter the 3 lines below if you already have
      # post-boot and post-firewall

      mkdir -p /usr/local/sbin/
      echo '#!/bin/sh' >> /usr/local/sbin/post-boot && chmod +x /usr/local/sbin/post-boot
      echo '#!/bin/sh' >> /usr/local/sbin/post-firewall && chmod +x /usr/local/sbin/post-firewall

      echo "dropbear -a" >> /usr/local/sbin/post-boot
      echo "iptables -I INPUT -m tcp -p tcp --dport 2222 -j ACCEPT" >> /usr/local/sbin/post-firewall

   6. Store your authorized keys in:

      /usr/local/root/.ssh/authorized_keys

   7. Save to flashfs and enable it

      flashfs save && flashfs commit && flashfs enable

   8. Reboot router


---> On your workstation in corporate LAN:
   9. Create a shell script that will be triggered by cron

      echo '#!/bin/sh' >> /home/username/reverse_ssh_tunnel.sh
      echo 'COMMAND="ssh -N -f -R Home_Router_WAN_IP_Address:2222:localhost:22 root@router.domain.org"' >> /home/username/reverse_ssh_tunnel.sh
      echo 'pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND' >> /home/username/reverse_ssh_tunnel.sh

      crontab -e
  
      and add:
       
      */5 * * * * /bin/sh /home/username/reverse_ssh_tunnel.sh

   10. Take a coffee break for 5 min


---> From any host, anywhere:
   
   11. ssh -X -p 2222 username@router.domain.org
   12. Enjoy!
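
Added example, not part of the original how-to: the tunnel started in step 9 is an ordinary ssh client process on the workstation, so it can be inventoried from the process list. The function below reads `ps -eo pid,args` style lines and reports each reverse (-R) forward and whether a non-loopback bind was requested; the function names, the sample listing and the 203.0.113.7 address are constructed for illustration.

```sh
#!/bin/sh
# Added example: inventory ssh reverse (-R) forwards from a process listing.
# Input: lines shaped like `ps -eo pid,args`. Output per forward:
#   PID  requested-bind  listen-port  target  loopback|non-loopback
# Simplifications: whitespace-split arguments, no bracketed IPv6 specs.
find_reverse_tunnels() {
    awk '
    {
        pid = $1
        n = split($2, path, "/")
        if (path[n] != "ssh") next              # ssh clients only, not sshd
        for (i = 3; i <= NF; i++) {
            spec = ""
            if ($i ~ /^-[A-Za-z0-9]*R$/) {      # "-R spec" or "-NfR spec"
                spec = $(i + 1); i++
            } else if ($i ~ /^-R./) {           # "-Rspec"
                spec = substr($i, 3)
            }
            if (spec == "") continue
            c = split(spec, f, ":")
            bind = "(default)"; target = "(dynamic)"
            if (c == 4)      { bind = f[1]; port = f[2]; target = f[3] ":" f[4] }
            else if (c == 3) { port = f[1]; target = f[2] ":" f[3] }
            else if (c == 2) { bind = f[1]; port = f[2] }
            else             { port = f[1] }
            # The bind address is only a request; the server decides whether
            # to honour it (dropbear -a on the router in this how-to).
            if (bind == "(default)" || bind == "localhost" || bind == "127.0.0.1")
                kind = "loopback"
            else
                kind = "non-loopback"
            print pid, bind, port, target, kind
        }
    }'
}

# Constructed sample listing; 203.0.113.7 stands in for the router WAN address.
sample_ps() {
    cat <<'EOF'
  812 /usr/sbin/sshd -D
 4242 ssh -N -f -R 203.0.113.7:2222:localhost:22 root@router.domain.org
 4310 /usr/bin/ssh -NfR 2222:localhost:22 user@host.example
 4377 ssh -L 8080:localhost:80 user@host.example
EOF
}

# On a live host: ps -eo pid,args | find_reverse_tunnels
sample_ps | find_reverse_tunnels
```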


Copyright © 2010 Andrew A. Martis