Feeling like Bugs Bunny, just without the whole “took a wrong turn at Albuquerque” (by the time I finished
Picture yourself in the position of needing to manage hundreds of clients with individual domains. Most of the time the systems are fine with no issues, and some clients have thousands of users. The one thing you’ll always have is password resets. Some of the access methods you may use could be:
- VPN
- RDP either via VPN / Direct to public ip / HTTPS portal
- RMM from the likes of Kaseya / ConnectWise Automate / Datto
- Custom software on site, given to a trusted user, with hard-coded credentials somewhere
Picture the below: there are many servers connected with internet access, with no trust between them, just a common connection to the public internet.
Reverse SSH tunneling allows you to use that established connection to set up a new connection from your local computer (Internal.MSP.Global) back to the remote computer (Internal.Client.xyz).
Because the original connection came from the remote computer to you, using it to go in the other direction is using it “in reverse.” And because SSH is secure, you’re putting a secure connection inside an existing secure connection. This means your connection to the remote computer acts as a private tunnel inside the original connection.
And so we arrive at the name “reverse SSH tunneling.” (Taken From Here)
Once we have the reverse tunnel in place we can pass network traffic over it, like, say, a remote PowerShell session to a Domain Controller, for example. I’m sure you can see where I’m going with this: with remote PowerShell in place we can do pretty much anything. We just need to create the client-side configuration to keep the SSH session open, and create a GUI to organize sending the commands over the tunnel.
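A sketch of the client-side configuration that keeps the tunnel open, paired with the MSP-side restrictions that confine each client key to one loopback listener. This is an added example, not configuration from the original post. The account name `tunnel-client-xyz`, the host `dc01.internal.client.xyz`, listen port 15986, the key file name and the key placeholder are assumptions, as is PowerShell remoting running over WinRM HTTPS on port 5986.

```sshconfig
# --- Client side: ~/.ssh/config on Internal.Client.xyz (dials OUT to the MSP) ---
Host msp-tunnel
    HostName Internal.MSP.Global
    # Hypothetical dedicated, shell-less account on the MSP side
    User tunnel-client-xyz
    IdentityFile ~/.ssh/id_ed25519_tunnel
    IdentitiesOnly yes
    # MSP loopback port 15986 (constructed) -> the DC's WinRM HTTPS port (assumed 5986)
    RemoteForward 127.0.0.1:15986 dc01.internal.client.xyz:5986
    # Exit instead of staying connected without the forward
    ExitOnForwardFailure yes
    # Detect a dead link after about 90 s so a service manager can restart ssh
    ServerAliveInterval 30
    ServerAliveCountMax 3
    # Tunnel only: no shell, no TTY (SessionType needs OpenSSH 8.7+, otherwise use ssh -N)
    SessionType none
    RequestTTY no
    StrictHostKeyChecking yes

# --- MSP side: ~tunnel-client-xyz/.ssh/authorized_keys (one line per client key) ---
# restrict disables everything; port-forwarding re-enables forwarding only;
# permitlisten (OpenSSH 7.8+) pins the single listener this key may open.
restrict,port-forwarding,permitlisten="127.0.0.1:15986" ssh-ed25519 AAAA...PLACEHOLDER client-xyz-tunnel

# --- MSP side: /etc/ssh/sshd_config ---
Match User tunnel-client-xyz
    AllowTcpForwarding remote
    GatewayPorts no
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
```

Run `ssh msp-tunnel` on the client under a service manager that restarts it on exit. With `GatewayPorts no` the forwarded port is reachable only from the MSP host's own loopback, so a distinct port per client keeps the tunnels from colliding.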