Data Science Team Lead at WhiteHat Security, Trustee at Farset Labs and Vault Artist Studios
Inspired by a pretty good write-up by Cynofield of his setup for getting a Raspberry Pi to “phone home”, I thought I’d set out how I do it.
I have a machine that lives behind a ‘security’ infrastructure that makes my life a living hell.
As a result, I set up automatic persistent reverse shells going back to other machines I use, so if I connect to those machines, I can get into the secure environment, without anything nasty being able to get in with me.
Biggest pain in the ass is setting up the persistence of the connection. This is accomplished in two ways: autossh keeps an established link alive, and cron brings it back after a reboot.
Autossh maintains the ‘once up’ persistence, so if the connection drops or is temporarily unavailable, it’ll keep trying again.
Because I’m lazy, I wrapped autossh into a little lazy script I call ssh_tunnel:
```sh
#!/bin/sh
# ssh_tunnel: start a persistent reverse tunnel with autossh.
# Forwards port 11122 on the remote host to 22 on this (protected) host,
# and 11188 on the remote host to 8888 here.
# Usage: ssh_tunnel [ssh options] user@remotehost

ID_FILE=$HOME/.ssh/id_rsa   # key this host uses to reach the remote host

# 0 disables autossh's "gate time": it keeps retrying even if the very
# first ssh attempt dies straight away, which is what you want when the
# script starts at boot before the network is up. (The default, 30, makes
# autossh give up if ssh exits within 30 seconds of starting.)
AUTOSSH_GATETIME=0
AUTOSSH_DEBUG=yes           # log autossh's own messages to stderr
AUTOSSH_PATH=/usr/bin/ssh   # absolute path: cron runs with a minimal PATH
export AUTOSSH_GATETIME AUTOSSH_DEBUG AUTOSSH_PATH

# -f: go to the background once connected; -N: no remote command, forwards only.
# -R '*':PORT binds PORT on every interface of the remote host, but only if
# its sshd_config has GatewayPorts yes (or clientspecified); otherwise sshd
# silently binds loopback instead.
# ExitOnForwardFailure makes ssh exit (so autossh restarts it) when the
# remote port is still held by a stale session, instead of carrying on
# with no forward; the ServerAlive options let ssh notice a dead link.
autossh -fN \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
    -i "$ID_FILE" \
    -R '*':11122:localhost:22 \
    -R '*':11188:localhost:8888 \
    "$@"
```
Now the connection is set up between the remote host and the “protected host”, which we’ll assume is not externally accessible. Bear in mind that binding the forwards to '*' (with GatewayPorts enabled on the remote sshd) makes port 11122 reachable by anyone who can reach the remote host, i.e. it is an SSH door into the protected host guarded only by the protected host’s own sshd; bind to localhost instead unless that exposure is what you want. So to get back from the remote host to the protected host through whatever is in between, ssh into the remote host, and go
$ ssh [email protected] -p 11122
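It is worth checking on the remote host where those forwards actually ended up listening, since the bind address depends on the remote sshd’s GatewayPorts setting rather than on the client. The script below is an added example, not part of the original post: it parses `ss -Hltn` output (a constructed sample is embedded so it runs offline; on a real host replace it with `SS_OUT=$(ss -Hltn)`), reports each forwarded port as exposed, local or missing, and exits non-zero when a forward is bound to a wildcard address. The port numbers are the ones from the tunnel script above.

```shell
#!/bin/sh
# Added example: audit where the reverse forwards listen on the remote host.
# The ss(8) output below is constructed for offline use.
SAMPLE_SS_OUT='LISTEN 0 128 0.0.0.0:11122 0.0.0.0:*
LISTEN 0 128 [::]:11122 [::]:*
LISTEN 0 128 127.0.0.1:11188 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# listener_addrs "<ss -Hltn output>" PORT
#   Print one line per socket listening on PORT: the local address it is
#   bound to (IPv6 addresses keep their brackets). Returns 1 if none.
listener_addrs() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, f, ":")
            if (f[n] == p) {
                sub(":" p "$", "", addr)   # strip the trailing :PORT
                print addr
                found = 1
            }
        }
        END { exit found ? 0 : 1 }'
}

# is_wildcard ADDR
#   True when ADDR is an any-interface bind, i.e. the forward is exposed
#   on every network the remote host is attached to.
is_wildcard() {
    case $1 in
        0.0.0.0|'[::]'|'*') return 0 ;;
        *) return 1 ;;
    esac
}

# audit_forwards "<ss -Hltn output>" PORT...
#   Print "PORT STATUS ADDR" per listener, STATUS being exposed, local or
#   missing. Returns 1 if any forward is exposed, so cron or a monitoring
#   check can alert on it.
audit_forwards() {
    _out=$1; shift
    _rc=0
    for _port in "$@"; do
        _addrs=$(listener_addrs "$_out" "$_port") || {
            echo "$_port missing -"
            continue
        }
        # Read line by line via a here-doc: no subshell, so _rc survives,
        # and no pathname expansion of addresses like [::].
        while read -r _a; do
            if is_wildcard "$_a"; then
                echo "$_port exposed $_a"
                _rc=1
            else
                echo "$_port local $_a"
            fi
        done <<EOF
$_addrs
EOF
    done
    return $_rc
}

# Stand-alone usage: audit the two ports the tunnel script forwards.
audit_forwards "$SAMPLE_SS_OUT" 11122 11188 \
    || echo "warning: at least one forward is exposed on a wildcard address"
```

On the sample, 11122 is reported as exposed on both 0.0.0.0 and [::] while 11188 is local, which is exactly the situation to expect when the remote sshd has GatewayPorts enabled and the script binds '*'. Running the audit from the remote host’s own crontab is a cheap way to notice when a forward quietly stops (missing) or starts listening somewhere it should not.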
Ok, so how to set it up as a service that starts at boot? Easy…
To edit your per-user cron listing:
$ crontab -e
and add in (use the absolute path to the script, and make sure it is executable; cron gives it a minimal environment, and @reboot fires before the network is necessarily up, which is why the script disables autossh’s gate time)
@reboot path/to/ssh_tunnel [email protected]
Big benefit here is that it’s easy as Pi(e) to set up multiple redundant hosts just by adding a new crontab line.