User Tools

Site Tools


ssh_reverse_tunneling

SSH reverse tunneling

First make sure, you have passwordless auth on the systems. use ssh-copy-id for that.

Dest | NAT | Source

on the Dest Host: 

ssh -f -N -R 10000:localhost:22 sourceuser@Dest

on the Source Host: 

ssh localhost -p 10000

Problem with that solution is, that you always have to make sure that the tunnel from Dest to Source is in place. You can do that by a cronjob for example. But you may want to prefer to use autossh!

autossh -f -N -M 10984 -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -R 10000:localhost:22 sourceuser@Dest

Dest | NAT | Middle | Source

If destination isn't always on, eg your laptop at home, you may want to use a middleman host

on the Dest Host: 

ssh -f -N -R 10000:localhost:22 middleuser@middle

on the Source Host: 

ssh middleuser@middle
ssh -p 10000 destuser@127.0.0.1

you may want to put that in your /etc/rc.local, once you got it to work.

autossh -f -N -M 10984 -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -R 10000:localhost:22 middleuser@middle &

note the “&” at the end, forgetting it may hang up your box at boot!

ssh_reverse_tunneling.txt · Last modified: 2015/12/19 14:59 by 127.0.0.1