Remote into Linux workstation behind a firewall
Let's say I have a Linux workstation at work, behind a firewall. So even though I may have a remote access server set up on it (such as the most excellent NoMachine NX Server), I can't access it from home.
My home network happens to have a Linux server. Is it possible to ssh from work to the home Linux machine and set up a tunnel so that once I'm at home, I can run the NX client, point it to my home Linux box on some port like 9000, and have that forward through the tunnel to port 22 on my work Linux box? How would I set this up?
Solution 1:
From the machine at work, create a tunnel to your machine running ssh at home:
randolf@workserver:~$ ssh -vvv randolf@myhomeserver -R 44455:localhost:22
This will forward the remote port 44455 from your home server to port 22 (or whichever port ssh is listening on) on your work machine.
From home, check to see if anything is listening on 44455:
randolf@homeserver:~$ netstat -an | grep 44455
tcp 0 0 127.0.0.1:44455 0.0.0.0:* LISTEN
Next, to connect from home to your work machine, from your home server:
randolf@homeserver:~$ ssh localhost -p 44455
Password: ******
From there you should be connected to your work machine via your tunnel.
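The listener check from Solution 1, as an added example that is not part of the original answer: a POSIX shell script that classifies whether the forwarded port is bound to loopback only or exposed to the network, which is what happens when the home server's sshd has GatewayPorts enabled. The function names and the sample netstat lines are constructed for illustration; -N, ExitOnForwardFailure and the explicit 127.0.0.1 bind address are additions to the answer's command.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.

# Print (do not run) the answer's tunnel command with three additions:
# -N (no remote shell), ExitOnForwardFailure (fail if the port cannot be
# bound) and an explicit loopback bind address for the forwarded port.
tunnel_cmd() {  # $1 = forwarded port on the home server, $2 = user@homeserver
    printf 'ssh -N -o ExitOnForwardFailure=yes -R 127.0.0.1:%s:localhost:22 %s\n' "$1" "$2"
}

# Read `netstat -an` or `ss -ltn` lines on stdin and classify port $1:
#   loopback  only 127.0.0.1 / ::1, reachable from the home server itself
#   exposed   wildcard or routable address, reachable from the network
#   absent    nothing listening, so the tunnel is down
listener_scope() {
    awk -v port="$1" '
        /(^|[ \t])LISTEN([ \t]|$)/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ (":" port "$")) {        # local address column
                    addr = $i
                    sub(":" port "$", "", addr)   # strip the :port suffix
                    gsub(/\[|\]/, "", addr)       # ss prints IPv6 as [::1]
                    if (addr == "127.0.0.1" || addr == "::1") loopback = 1
                    else exposed = 1
                    break
                }
            }
        }
        END {
            if (exposed) print "exposed"
            else if (loopback) print "loopback"
            else print "absent"
        }'
}

# Constructed sample lines (not captured from a real host).
SAMPLE_LOOPBACK='tcp        0      0 127.0.0.1:44455         0.0.0.0:*               LISTEN'
SAMPLE_EXPOSED='tcp        0      0 0.0.0.0:44455           0.0.0.0:*               LISTEN
tcp6       0      0 :::44455                :::*                    LISTEN'

tunnel_cmd 44455 randolf@myhomeserver
printf '%s\n' "$SAMPLE_LOOPBACK" | listener_scope 44455
printf '%s\n' "$SAMPLE_EXPOSED" | listener_scope 44455
```

On the home server, feed it live output with: netstat -an | listener_scope 44455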
Solution 2:
You could set some port forwarding up with your firewall, or possibly even use a tool like "bounce" to re-direct ports if there are some restrictions on what you're allowed to do with your firewall, but here's what I'd do if I were you:
Install the excellent free, open source, userland OpenVPN software. Set up the target server as an OpenVPN client (and configure infinite connection retries), and your home Linux server as the OpenVPN server. This way, the target server running the OpenVPN client will be connected to your home Linux server whenever it's operational and connected to the internet -- through this VPN connection, you can have full access to your work/target server (running the OpenVPN client).
OpenVPN (full-featured free, open source, userland VPN solution)
http://www.openvpn.net/index.php/open-source.html
Solution 3:
How to connect to a Linux box on port 3389 (RHEL5)
Unfortunately, port 22 is blocked by many firewalls, and tunnels may open security holes, so the best approach is to set ssh and NX to listen on port 3389 instead of the standard 22, which may confuse the majority of hackers.
Configure OpenBSD to listen to port 3389
vim /etc/ssh/sshd_config
Port 3389
service sshd restart
Download NX Client for Windows to the RHEL ftp site
wget http://64.34.173.142/download/3.5.0/Windows/nxclient-3.5.0-9.exe
Download NX Free Edition for Linux
wget http://64.34.173.142/download/3.5.0/Linux/nxclient-3.5.0-7.i386.rpm
wget http://64.34.173.142/download/3.5.0/Linux/nxnode-3.5.0-9.i386.rpm
wget http://64.34.173.142/download/3.5.0/Linux/FE/nxserver-3.5.0-11.i386.rpm
As root - Install NX in this order
rpm -ivh nxclient-3.5.0-7.i386.rpm
rpm -ivh nxnode-3.5.0-9.i386.rpm
rpm -ivh nxserver-3.5.0-11.i386.rpm
Configure NX for port 3389
vim /usr/NX/etc/node.cfg
#
# Specify the TCP port where the NX node SSHD daemon is running.
#
SSHDPort = "3389"
vim /usr/NX/etc/server.cfg
#
# Specify the TCP port where the NX server SSHD daemon is running.
#
SSHDPort = "3389"
service nxsensor restart
nxserver --daemon restart