Reverse SSH Tunnel
Without the ability to forward ports through a NAT, a server behind it cannot be reached from outside. If you cannot allow incoming traffic to certain ports on your network, you can use a reverse tunnel to expose the necessary services through another server elsewhere.
On the proxy server, edit /etc/ssh/sshd_config.
$ sudo nano /etc/ssh/sshd_config
If it doesn't exist already, add the following line:
GatewayPorts clientspecified
Now restart the SSH daemon. Note: on systems other than Debian/Ubuntu, use sudo systemctl restart sshd instead.
$ sudo systemctl restart ssh
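Finally, you can create the tunnel on the client. The format is ssh -N -R :<remote port>:localhost:<local port> <username>@<remote ip>, where <remote port> is the port opened on the proxy server and <local port> is the port of the service on the client. The empty bind address before the first colon makes the proxy listen on all of its interfaces, so anyone who can reach the proxy on that port reaches the client's service.
$ ssh -N -R :9000:localhost:22 <username>@<remote ip>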
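To check what the steps above will actually expose, the following added example (not part of the original tutorial) reads the effective GatewayPorts value from a config file and reports where sshd would bind a given -R spec. The function names and the sample config are assumptions made for illustration; Include files, Match blocks, "key=value" syntax and IPv6 literals are not handled.

```shell
#!/bin/sh
# Print the effective global GatewayPorts value from an sshd_config file.
# sshd keeps the FIRST value it reads for a keyword, so a line appended
# below an existing "GatewayPorts no" has no effect. The default is "no".
effective_gatewayports() {
    awk '
        tolower($1) == "match" { exit }    # global section ends here
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# Print where sshd listens for a -R spec under a given GatewayPorts mode.
# spec is [bind_address:]port:host:hostport
remote_bind() {
    gp=$1
    spec=$2
    # Two colons means no bind_address field was given at all.
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c | tr -d ' ')
    if [ "$colons" -eq 2 ]; then bind=unset; else bind=${spec%%:*}; fi
    case $gp in
        no)  echo loopback ;;              # client's bind_address is ignored
        yes) echo all-interfaces ;;        # wildcard is forced
        clientspecified)
            case $bind in
                ''|'*')          echo all-interfaces ;;
                unset|localhost) echo loopback ;;
                *)               echo "$bind" ;;
            esac ;;
    esac
}

# Constructed sample: the tutorial's line appended below an older setting.
cfg=$(mktemp)
printf '%s\n' 'Port 22' 'GatewayPorts no' 'GatewayPorts clientspecified' > "$cfg"
gp_now=$(effective_gatewayports "$cfg")
echo "effective GatewayPorts: $gp_now"
echo "':9000:localhost:22' binds to: $(remote_bind "$gp_now" ':9000:localhost:22')"
rm -f "$cfg"
```

On a live proxy, sudo sshd -T | grep -i gatewayports prints the value the daemon will really use, including anything pulled in by Include files.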
Creating a persistent tunnel
The command above does not re-establish the tunnel if the connection is lost. To make it a persistent connection, we can use autossh.
sudo apt install autossh
or
sudo yum install autossh
Then, to start it, run:
autossh -M 20110 -N -o ServerAliveInterval=20 -R :9000:localhost:22 <username>@<remote ip> >/dev/null 2>&1 &