After spending 5 days worth of time I thought I would write this up to save people the time I spent.
Create a new user by following the directions located here /tut:adding-your-own-users.
Log into your router as root and enter the following commands.
mkdir /home/$UNAM/.ssh touch /home/$UNAM/.ssh/authorized_keys echo "command="echo 'Go Away.'",no-agent-forwarding,no-X11-forwarding" > /home/$UNAM/.ssh/authorized_keys
Copy a public key, generated specifically for the "r-tunnel" user, onto the same line as "command="echo 'Go Away.'",no-agent-forwarding,no-X11-forwarding" into the authorized_keys file above.
Save the file.
nvram setfile2nvram /home/$UNAM/.ssh/authorized_keys nvram commit
You may now want to delete the password from /tmp/etc/shadow.custom to prevent password logins.
Change: rtunneluser:$1$AAoxxU.8$auu1uBprTz0gCKi4QCf5b1:11636:0::: :: To: rtunneluser::11636:0:::::
Save your file.
nvram setfile2nvram /tmp/etc/shadow.custom nvram commit
In the web gui, add the following code to the Init startup script, where rtunnel is your new username.
chmod 755 -R /tmp/home/rtunnel/
Save and reboot.
You should now be able to ssh into your router using your private key. You will not be able to access the shell, which is a good thing!
The following assumes the machine you want to reverse tunnel from is running Ubuntu.
apt-get install autossh touch /etc/init/autossh.conf
Paste the following code into the file, this is an upstart file to auto establish the ssh reverse tunnel and keep it up.
You will need to modify it with your username (mine is rtunnel), your router's wan IP, and your private key.
# autossh startup Script description "autossh daemon startup" start on net-device-up IFACE=eth0 stop on runlevel [01S6] respawn respawn limit 5 60 # respawn max 5 times in 60 seconds script export AUTOSSH_PIDFILE=/var/run/autossh.pid export AUTOSSH_POLL=60 export AUTOSSH_FIRST_POLL=30 export AUTOSSH_GATETIME=0 export AUTOSSH_DEBUG=1 exec autossh -M 0 -N -R 2722:localhost:22 rtunnel@YOUR-IP-ADDRESS -p 2222 -i !/.ssh/privatekey -o "BatchMode=yes" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -o "StrictHostKeyChecking=no" end script
Now on your "client" PC - the one you will be using, edit ~/.ssh/config to use the reverse tunnel to connect to the machine behind the firewall.
Create the following entry, editing your simple host name "remotepc", your remote username "remotepc-username", your remote private key, and your routers WAN ip and private key.
Host remotepc HostName localhost Port 2722 User remotepc-username ForwardAgent yes IdentityFile ~/.ssh/remotepc-privatekey ProxyCommand ssh rtunnel@router-wan-ip -p 2222 -i ~/.ssh/rtunnel_privatekey -W %h:%p
When using this config, the ProxyCommand is ran first to connect to your router, this ssh command should be very similar to what you would typically use with "-W %h:%p" added to the end.
The information above this line are your typical ssh settings to connect to your remote pc, assuming you were on the same network. YOU NEED ITS PRIVATE KEY ON YOUR CLIENT MACHINE (the one you will be using to access the remote pc).