SSH Out to non standard port

nikc · January 4, 2017, 3:49pm

As per topic really.

I want to try to create a reverse SSH tunnel so I can manage my router thats behind a NAT address via SSH, my remote box I want to use is running on a non standard port and looking at the wiki there is no reference to port numbers ?

Thanks

k6ccc · January 4, 2017, 4:31pm

I’m a little confused about what you are trying to do, so let me make sure I have it right. You have a RouterOS based router that you want to control via SSH on a non-standard port. That router is behind some other router that is doing NAT. Do I have that right? If that’s the case, that’s easy.
In your RouterOS device, in IP services, set the port for SSH to whatever port you want (for the purposes of this example, set it to port 9876). Depending on your firewall settings, you may need to explicitly allow that port in the Input chain.
In whatever device is doing the NAT, you will need to set up a port forwarding for port 9876 to the IP of the RouterOS device.

If I did not understand what you are trying to do, give a bit more detail on what you are trying to do.

nikc · January 4, 2017, 4:45pm

I’ll explain.

I have a 4G router (SXT LTE) that is connect to a UK provider that only issue CGNAT IP’s, so I cannot connect directly to any DNS name or IP for the router.

My thinking was to SSH out from the router to a Linux box I have with a fixed IP to establish and SSH tunnel that I could then use top manage the router remotely. The remote Linux box is on an non standard SSH port.

Open to alternative ways to achieve this but this is the easiest way I can think of (if its possible).

Nik

k6ccc · January 4, 2017, 5:12pm

Sorry, I did not understand what you were trying to do. Can’t help you with what you are trying to do.

Sob · January 4, 2017, 5:34pm

I don’t know about tunneling part, if SSH in RouterOS can do it or not, but connecting to non-standard port works:

/system ssh address=<address> port=<port>

nikc · January 4, 2017, 8:04pm

Thanks @Sob

I can connect to the remote but i don’t think its going to work as from the router I need to supply some more values like this:

ssh -fN -R 10022:sxtlte:22 relayserver_user@remotelinux

A real shame as I have a bunch of customers now on these devices using CGNAT and I cant find a way to remotely manage them

Sob · January 4, 2017, 9:07pm

I had a quick look and it looks like server does support tunneling, but client does not.

I’d simply use some VPN, e.g. SSTP or OpenVPN use just one TCP port, i.e. they should work with NAT just fine.