ssh_reverse_tunneling
This is an old revision of the document!
SSH reverse tunneling
First make sure, you have passwordless auth on the systems. use ssh-copy-id for that.
Dest | NAT | Source
on the Dest Host: ssh -f -N -R 10000:localhost:22 sourceuser@Dest on the Source Host: ssh localhost -p 10000
Problem with that solution is, that you always have to make sure that the tunnel from Dest to Source is in place. You can do that by a cronjob for example. But you may want to prefer to use autossh!
autossh -f -N -M 10984 -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -R 10000:localhost:22 sourceuser@Dest
Dest | NAT | Middle | Source
If destination isn't always on, eg your laptop at home, you may want to use a middleman host
on the Dest Host: ssh -f -N -R 10000:localhost:22 middleuser@middle on the Source Host: ssh middleuser@middle ssh -p 10000 destuser@127.0.0.1
you may want to put that in your /etc/rc.local, once you got it to work.
autossh -f -N -M 10984 -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -R 10000:localhost:22 middleuser@middle &
note the “&” at the end, forgetting it may hang up your box at boot!
ssh_reverse_tunneling.1449485600.txt.gz · Last modified: 2015/12/19 14:59 (external edit)