Reverse SSH Tunnel

From Bibliotheca Anonoma
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Without the ability to port forward a network under a NAT, your server is useless. In the case that you are incapable of allowing incoming traffic to certain ports into your network, you can use a reverse tunnel to give tunnel necessary services through another server elsewhere.

On the proxy server, edit /etc/ssh/sshd_config. 

$ sudo nano /etc/ssh/sshd_config

If it doesn't exist already, add the following line: 

GatewayPorts clientspecified

Now restart the SSH daemon. Note: non Debian/Ubuntu systems use sudo systemctl restart sshd 

$ sudo systemctl restart ssh

Finally, you can create the tunnel on the client. The format is ssh -N -R :<local port>:localhost:<remote port> <username>@<remote ip> 

$ ssh -N -R :9000:localhost:22 [email protected]

Creating a persistent tunnel

Using the command above does not keep the connection alive if the connection is lost. To make it a persistent connection, we can use autossh. 

sudo apt install autossh

or 

sudo yum install autossh

Then, to start it run: 

autossh -M 20110 -o ServerAliveInterval=20 -R :9000:localhost:22 [email protected] & >/dev/null 2>&1

Resources

Retrieved from "https://wiki.bibanon.org/index.php?title=Reverse_SSH_Tunnel&oldid=5965"