Reverse ssh on windows 10

3

I am running Windows 10 for my home PC with Bitvise SSH Server, and a VPS Ubuntu EC2 instance from Amazon.

My ISP blocks ssh from coming IN, but I can connect to other SSH servers outside my LAN no issue. I have confirmed this by calling my ISP and they do indeed block SSH. Connecting to an online SFTP server for testing, works just fine.

What I have done is created myself a new VPS from Amazon, free tier for a year, with no storage.

Since my home PC can connect to an outside server just fine, I want my home SSH server to connect to the VPS and then have the VPS reverse any SSH connections to it (VPS) back to my home PC. For example, if I am at a library on their PC, I could plug in my USB drive that has WinSCP or Bitvise client on it, SSH to my VPS, which in turn relays the SSH session to my home server through the tunnel that was originally created.

I do not know how to do this with Windows 10. I'm guessing I would need something like PuTTY or Bitvise client to create a connection, keep said connection on all the time, then somehow configure the VPS to relay the SSH to my home machine.

I don't think a VPN will solve this, since I do not have direct control over the school, library, friends, public PC to install software onto it to connect to the VPN. Plus, having to install software on a PC every time I want to connect is a hassle. A lot of SFTP clients run on a USB stick, which makes it simple.

I did find a tutorial on how to do it if both machines were using Ubuntu. I can not and will not change the home PC to Linux. Any other PC is fine being Linux, but not the home one.

Matt Thomas

Posted 2019-12-09T14:09:01.433

Reputation: 41

Have you tried port forwarding configurations with your AP? You can make new connections to a port on your home network forward to the internal IP address of your device. – Ecstasy – 2019-12-09T14:31:53.293

Oops, forgot to mention that. Yes I have, but it doesn't matter anyway because my ISP blocks it at the edge router according to them. All my port forwards work for any other protocol except SSH. I have tried it on 25565, 47506, 8022, 5322, and no go. All firewalls were completely turned off for about 30 seconds to do testing. Nothing ever hit my server, no logs, nothing. Just times out. I even switched to my neighbor's Xfinity access point, with their permission, and SSH server worked just fine haha. But my ISP has confirmed that SSH is blocked. – Matt Thomas – 2019-12-09T14:57:21.127

I'm really hoping to learn how to do reverse SSH on a VPS from a Win 10. So much to learn haha – Matt Thomas – 2019-12-09T15:02:41.023

If your goal is to avoid VPN altogether, you could open a port for HTTP that has WebSSH2 configured. – Ecstasy – 2019-12-09T15:02:44.917

I'm voting to close this question as off-topic because I think this is an XY problem case. – Ramhound – 2019-12-09T17:19:12.563

Answers

2

I think this is an XY problem case. Reverse SSH tunnel may or may not be a solution to your problem but there are simpler things that I would recommend trying first.

  1. What exactly are you trying to achieve in the first place? Just to be able to remotely access your home PC?

  2. Please reconsider your ISP situation. I have not heard of ISPs specifically blocking incoming connections on port 22 anywhere on network level. Why would they? Is there a chance that you misunderstood them? Could it be that a router provided by your ISP blocks incoming connections on port 22? In this case, assuming that router is in your possession, you can just set up port forwarding and achieve the desired behavior.

  3. Don't write off VPN so easily. If you want a reliable and versatile way to open connections on any port in any direction from anywhere, including public places and networks with security restrictions, VPN is a go-to solution. Several comments here:

    • You don't need to install software to run it. You can find VPN clients that can be run without installation (portable *.exe file)
    • If the public machine does not allow running unknown *.exe files, then you won't be able to run the ssh/WinSCP/Bitvise client that you brought on your USB stick either.

And as a final thought, there is no difference between reverse SSH tunnelling on *nix and Windows. SSH functions the same way. Just get an ssh.exe for your Windows machine.

Some additional reading:

https://unix.stackexchange.com/a/46271/240954

https://community.xplenty.com/knowledgebase/articles/856362-set-up-a-reverse-ssh-tunnel-from-windows

Welcome to SU )

Art Gertner

Posted 2019-12-09T14:09:01.433

Reputation: 6 417
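The reverse tunnel this answer refers to, as an added example that is not part of the original answer: a PowerShell loop for the Windows 10 home PC that keeps `ssh.exe` forwarding a VPS port back to the local SSH server. It assumes the OpenSSH client (`ssh.exe`) is on the PATH and key-based login to the VPS is set up; the host name, account, key path and port 2222 are placeholders.

```powershell
# Added example: keep a reverse SSH tunnel from the home PC to the VPS alive.
# Every value in this block is an assumption; replace with your own.
$VpsHost    = 'vps.example.com'                        # placeholder VPS address
$VpsUser    = 'tunnel'                                 # placeholder unprivileged VPS account
$KeyFile    = "$env:USERPROFILE\.ssh\tunnel_ed25519"   # placeholder key used only for the tunnel
$RemotePort = 2222                                     # port opened on the VPS
$LocalPort  = 22                                       # SSH server port on the home PC

$SshArgs = @(
    '-N',                               # forwarding only, run no remote command
    '-T',                               # no terminal allocation
    '-i', $KeyFile,
    '-o', 'IdentitiesOnly=yes',         # offer only the tunnel key
    '-o', 'BatchMode=yes',              # never prompt; fail so the loop can retry
    '-o', 'ExitOnForwardFailure=yes',   # exit if the VPS cannot bind the port
    '-o', 'ServerAliveInterval=30',     # notice a dead link within ~90 seconds
    '-o', 'ServerAliveCountMax=3',
    # Bind on the VPS loopback only, and forward to the home PC's SSH server.
    '-R', "localhost:${RemotePort}:localhost:${LocalPort}",
    "${VpsUser}@${VpsHost}"
)

$Delay = 5
while ($true) {
    $Started = Get-Date
    & ssh.exe @SshArgs                  # blocks for as long as the tunnel is up
    $Code = $LASTEXITCODE
    $Ran  = ((Get-Date) - $Started).TotalSeconds

    # Reset the back-off after a stable session, otherwise double it (max 5 minutes).
    if ($Ran -gt 60) { $Delay = 5 } else { $Delay = [Math]::Min($Delay * 2, 300) }

    Write-Host ("{0:s} ssh exited with code {1} after {2:N0}s; retrying in {3}s" -f `
        (Get-Date), $Code, $Ran, $Delay)
    Start-Sleep -Seconds $Delay
}
```

With this bind address the forwarded port is reachable only from the VPS itself, so the home SSH server is not exposed on the VPS's public interface; making it reachable from outside requires `GatewayPorts` in the VPS's `sshd_config`. On the VPS, prefixing the tunnel key's `authorized_keys` entry with `restrict,port-forwarding` limits that key to forwarding only.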

To answer your first question: I want to access my PC from any public, school, friends, library PC.

To answer second question: I called them 3 times and yes they do block protocol SSH and HTTP to prevent people running their own webservers from home. Like I mentioned above. ALL port forwards do work until I use SSH as the protocol. Just to test it, I set up a game server for a friend with a port forward in my router of 25565. It works for the games no issue, but as soon as I try SSH through it, no go. HOWEVER, when I switch the internet to my phone or neighbor's wifi, the SSH works. – Matt Thomas – 2019-12-09T22:42:47.030

To answer question 3: I am OPEN to this solution. I must have been ill-informed by a previous forum telling me that VPN software can not be run portable. If this is by far the better solution, I am open to it. Still, learning the reverse SSH solution would be fun and educational. HOWEVER, I'm open to this VPN server idea right now.

As for the reverse SSH comment you made about it being the same... maybe it's because I'm using Bitvise server as the server rather than OpenSSH server?

I appreciate your welcome :) – Matt Thomas – 2019-12-09T22:45:21.417

So OpenVPN forums are telling me there is no such thing as a portable VPN client?? I joined them today to ask that question and they say "no" haha. So? That leaves me confused. – Matt Thomas – 2019-12-10T03:29:00.513

After a little reading I agree you are right. Truly portable VPN clients apparently don't exist. Portable versions of known VPNs still need driver installation – Art Gertner – 2019-12-10T09:07:27.710

I highly appreciate you replying back. I found something interesting, check this out: https://vincetocco.com/how-to-setup-a-reverse-tunnel-with-putty/ This showed me something that I think could help me out. This is kind of what you were trying to say earlier. I just found it about 5 minutes ago :) – Matt Thomas – 2019-12-10T09:24:52.560

0

The best solution I see:
1. Install OpenVPN Server on the device you wish to SSH into
2. Start OpenVPN connection to server
3. Start SSH as you would without a VPN. You may even be able to use localhost instead of the host IP.

Secondary solution (if you must avoid VPN)
1. Install and configure WebSSH2 on the server (for the love of god, don't use a default HTTP port for this!)
2. Simply type http://ipaddress:port into your browser! If properly configured, an input should display for authentication credentials.

Ecstasy

Posted 2019-12-09T14:09:01.433

Reputation: 116

Like I told Art, I'm listening to this VPN idea. I must have been informed incorrectly at the last forum I was at. I'm not avoiding VPN, I was told that you need admin rights to use VPN software and that it can't be done with a USB, which basically threw my idea out the window haha. How would you start a VPN connection from a public PC you don't own? I.e. a library PC. – Matt Thomas – 2019-12-09T22:52:04.693

I didn't take into account that you were going to be using a device without administrative privileges. I would use the WebSSH2 method. There would be no installation or modification required on the public PC, and it is very easy to configure. (sorry for the late response) – Ecstasy – 2019-12-23T01:45:02.423