Reverse SSH Tunnel

I recently went to set up a reverse SSH tunnel and had a few issues, such as connections not being allowed, and others. There is also a strong gotcha that is not documented clearly on the Internet: you can only have one connection per port on the intermediary host. If you want more than one host, you need to use multiple ports; sorry, this is the way it is.

Before starting, install the OpenSSH server on BOTH hosts:

sudo apt-get install -y openssh-server

The side you want to remote back into (the host on the outside unable to connect in) needs to have the following option added to sshd_config if it is not already present.

sudo vi /etc/ssh/sshd_config
GatewayPorts yes

Edit hosts.allow and add the directive:

sudo vi /etc/hosts.allow
sshd: ALL

Now restart SSH (and punch a hole in the firewall if you need to).

sudo service ssh restart

On the remote host (the one you want to be able to remote into, the one behind the firewall), connect to the Internet host.

ssh -v -fN -R 8080:localhost:22 rbrash@192.168.1.100

On the host which was just connected to, you can now access it via the following command:

ssh -l user localhost -p 8080
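
GatewayPorts yes makes sshd bind remote forwards on all interfaces instead of loopback only, while the final command above connects through localhost, which loopback binding also serves. As an added example that is not from the original post, this script reads an sshd_config and reports where the -R listener would bind; the function names and the sample file are constructed for illustration, and it reads only the global section without following Include.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumptions: reads only the global section of the file (stops at the first
# Match line) and does not follow Include directives.

# Print the effective global GatewayPorts value; sshd keeps the first value
# it sees for a keyword, and the default when none is set is "no".
effective_gatewayports() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        { line = $0; sub(/^[ \t]+/, "", line) }
        tolower(line) ~ /^match[ \t]/ { exit }       # per-user overrides begin
        tolower(line) ~ /^gatewayports[ \t=]/ {
            sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", line) # drop keyword, separator
            sub(/[ \t]+$/, "", line)
            val = tolower(line); exit
        }
        END { print (val == "" ? "no" : val) }
    ' "$1"
}

# Print where sshd binds a remote forward. $1 = GatewayPorts value,
# $2 = bind_address from "-R [bind_address:]port:host:hostport"
# ("" when it was omitted, "*" for the wildcard).
forward_bind_scope() {
    case "$1" in
        yes) echo "all-interfaces" ;;                # server forces wildcard
        clientspecified)
            case "$2" in
                ""|localhost|127.0.0.1|::1) echo "loopback" ;;
                "*"|0.0.0.0|::) echo "all-interfaces" ;;
                *) echo "address:$2" ;;
            esac ;;
        *) echo "loopback" ;;                        # "no": client is ignored
    esac
}

demo() {
    tmp=$(mktemp) || return 1
    # Constructed sample: this page's setting followed by a later duplicate
    # that sshd ignores because the first value wins.
    printf '%s\n' 'Port 22' 'GatewayPorts yes' 'GatewayPorts no' > "$tmp"
    gp=$(effective_gatewayports "$tmp")
    echo "GatewayPorts=$gp: -R 8080:localhost:22 binds $(forward_bind_scope "$gp" "")"
    rm -f "$tmp"
}
demo
```

On a live host, `sudo sshd -T | grep -i gatewayports` prints the value sshd actually resolved, and `ss -tln` shows the address the forwarded port is listening on.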
