From cad794c480778228a28773f471ab307a442f390a Mon Sep 17 00:00:00 2001 From: SkyperTHC <5938498+SkyperTHC@users.noreply.github.com> Date: Mon, 6 Feb 2023 11:36:43 +0000 Subject: [PATCH] Update README.md --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.md b/README.md index 30bd43c..70ed8be 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ Got tricks? Join us on Telegram: [https://t.me/thcorg](https://t.me/thcorg) 1. [SSH tunnel IN](#sti-anchor) 1. [SSH socks5 OUT](#sso-anchor) 1. [SSH socks5 IN](#ssi-anchor) + 1. [SSH to NATed host](#ssh-j) 1. [Network](#network-anchor) 1. [ARP discover computers on the local network](#adln-anchor) 1. [ICMP discover local network](#idln-anchor) @@ -278,6 +279,31 @@ ssh -g -R 1080 user@server.org The others configuring server.org:1080 as their SOCKS4/5 proxy. They can now connect to *any* computer on *any port* that your computer has access to. This includes access to computers behind your firewall that are on your local network. An alternative and without the need for a server is to use [gs-netcat](#bdra-anchor). + +**2.vi SSH to a host behind NAT** + +[ssh-j.com](http://ssh-j.com) provides a great relay service: To access a host behind NAT/Firewall (via SSH). + +On the host behind NAT: Create a reverse SSH tunnel to [ssh-j.com](http://ssh-j.com): +```sh +ssh_j() +{ + [[ -z $1 ]] && { echo "ssh_j [anyrandomname]"; return; } + echo "To connect to this host: ssh -J ${1,,}@ssh-j.com ${1,,}" + ssh -o StrictHostKeyChecking=no ${1,,}@ssh-j.com -N -R ${1,,}:22:127.0.0.1:22 +} +``` +```sh +ssh_j BlahAnyName +``` + +Then log in to 'BlahAnyName' (the host behind NAT) from anywhere else in the world: +```sh +ssh -J blahanyname@ssh-j.com blahanyname +``` + +This command connects to ssh-j.com first and then 'jumps' into the reverse channel. The traffic is end-2-end encrypted and ssh-j.com can not see the content. + ---