Thursday, August 29, 2019

remote access - How to connect two phones via SSH with a central SSH server?


I have two phones A and B which use Mobile Data. I would like to connect from phone A to phone B, the later has an SSH server running on port 8022. The central SSH server is running on AWS and has an Elastic IP. Phone A can connect to AWS Server directly at port 22, so can phone B.


AWS Server configuration:


GatewayPorts yes
TCP forward yes

Password Authentication Yes

Further I have forwarded port 9099 on AWS SSH server to local port 8022 on phone B:


~$ ssh -NR 9099:localhost:8022 user@Remoteip

By running netstat -tpln on AWS SSH server I can see that 9099 is in listening mode.


But when I ssh from phone A into AWS server at port 9099 it says timed out.



Answer



What I have understood from your question:


You have two phones A and B, which are connected to internet through Mobile Data. Phone B has a SSH server running, listening on port 8022. You want to login from phone A to phone B, but since the later doesn't have a public IP, you want to create a reverse SSH tunnel from phone B to another SSH server running on AWS cloud, listening on port 22. In this way you want that all traffic received on port 9099 on AWS SSH server should be forwarded to port 8022 on phone B, so that phone A can access it on internet.



If I understood correctly, the simplest thing you have to do is:




  • On AWS run a SSH server, which is listening on port 22. Since you are able to login to this server from both phones A and B, I think you have done it correctly. Let's say your login user here is server_user and IP address is server_ip.


    You need two additional keywords in /etc/ssh/sshd_config, should look like this exactly (no extra spaces):


    # /etc/ssh/sshd_config

    AllowTcpForwarding yes
    GatewayPorts yes


    After changing configuration, don't forget to restart server.



    • First parameter ensures that port forwarding is allowed i.e. you'll be able to create tunnel.

    • Second parameter ensures that the reverse tunnel will listen on all network interfaces, and not only the local (loopback) interface on AWS server.




  • On phone B run a SSH server, which is listening on port 8022, let's say your login userame is phone_user (Termux's SSHD requires no username).


    Do test if you can login to this server. For instance create hotspot on phone A or B or connect both to some third WiFi network. Now login from phone A to phone B. If it doesn't work, troubleshoot the problem, most likely with password / key authentication.





  • On phone B create a reverse tunnel i.e. forward AWS SSH server's port 9099 to phone B's (local) port 8022:


    ~$ ssh -NR 9099:localhost:8022 server_user@server_ip

    This can be done on Termux or use some GUI app like ConnectBot.


    To test if the the tunnel works correctly, on AWS server:


    ~$ ssh phone_user@localhost -p 9099

    It should login you to phone B.





  • On phone A, login to phone B through AWS SSH server:


    ~$ ssh phone_user@server_ip -p 9099


If it doesn't work, repeat the steps.


RELATED:



-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

samsung galaxy s 2 - Cannot restore Kies backup after firmware upgrade

I backed up my Samsung Galaxy S2 on Kies before updating to Ice Cream Sandwich. After the upgrade I tried to restore, but the restore fails ...