Here's how to proceed:
- Check that what you're doing is allowed, but make sure you ask the right people. Most people will cringe that you're opening the firewall, but what they don't understand is that it is completely encrypted. Furthermore, someone would need to hack your outside machine before getting into your company. Instead, you may belong to the school of "ask-for-forgiveness-instead-of-permission." Either way, use your judgment and don't blame me if this doesn't go your way.
- SSH from ginger to blackbox.example.com with the -R flag. I'll assume that you're the root user on ginger and that tech will need the root user ID to help you with the system. With the -R flag, you'll forward connections made to port 2222 on blackbox to port 22 on ginger. This is how you set up an SSH tunnel. Note that only SSH traffic can come into ginger: You're not putting ginger out on the Internet naked. You can do this with the following syntax:
~# ssh -R 2222:localhost:22 thedude@blackbox.example.com
Once you are into blackbox, you just need to stay logged in. I usually enter a command like:
thedude@blackbox:~$ while [ 1 ]; do date; sleep 300; done
to keep the machine busy, and then minimize the window.
- Now instruct your friends at tech to SSH as thedude into blackbox without using any special SSH flags. You'll have to give them your password:
root@tech:~# ssh thedude@blackbox.example.com
- Once tech is on the blackbox, they can SSH to ginger using the following command:
thedude@blackbox:~$ ssh -p 2222 root@localhost
- Tech will then be prompted for a password. They should enter the root password of ginger.
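
The forwarded port in the steps above is reachable only from blackbox itself because sshd binds remote forwards to the loopback address unless GatewayPorts is changed. The following added example (not part of the original article) checks that on blackbox from `ss -tln` output; the function name tunnel_exposure and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a forwarded port is bound on the relay host
# (blackbox in the article). Names and sample data are constructed.

# tunnel_exposure PORT   reads `ss -tln` style output on stdin and prints:
#   loopback  every listener for PORT is on 127.0.0.1 or ::1
#   exposed   at least one listener for PORT is on another address
#   absent    nothing is listening on PORT (tunnel is down)
tunnel_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                      # "Local Address:Port" column
            n = match(addr, /:[0-9]+$/)    # last colon, so IPv6 is handled
            if (n == 0 || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            sub(/%.*$/, "", host)          # drop an interface scope such as %lo
            gsub(/\[/, "", host)           # strip IPv6 brackets
            gsub(/\]/, "", host)
            found = 1
            if (host != "127.0.0.1" && host != "::1") exposed = 1
        }
        END {
            if (!found) print "absent"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# Constructed sample: blackbox with sshd default (GatewayPorts no).
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128        127.0.0.1:2222      0.0.0.0:*
LISTEN 0      128            [::1]:2222         [::]:*'

# Constructed sample: the same forward when sshd sets GatewayPorts yes.
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128          0.0.0.0:2222      0.0.0.0:*'

printf '%s\n' "$SAMPLE_DEFAULT"  | tunnel_exposure 2222
printf '%s\n' "$SAMPLE_WILDCARD" | tunnel_exposure 2222
# On the real relay host: ss -tln | tunnel_exposure 2222
```

A result of "exposed" means ginger's SSH port is reachable by anyone who can reach blackbox on port 2222, not only by users already logged in to blackbox.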