Created: Jul, 2015 Last modified: Jul, 2015
Think of a case like this: Alice runs a server with public IP, and she wants to access Bob’s server behind a firewall:
Bob (email@example.com, SSH port 22) <–> Firewall <–> Alice (firstname.lastname@example.org, SSH port 2222).
Although direct SSH won’t work, she can still use SSH reverse tunneling.
ssh -p2222 -R 12345:localhost:22 email@example.com
with the password to Alice’s server. This will create an SSH tunnel between port 12345 (facing Alice) on Alice’s server and port 22 on Bob’s server.
ssh -p12345 bob@localhost
with password to Bob’s server.
Here is another case: what if two sides (Bob and Alice) are both behind firewalls? Then a third server (Jim) with public IP should be involved. Bob initiates a SSH tunnel to Jim’s server, and Alice can log in Jim’s server to access Bob’s server, which is very similar to the above.
One can also use autossh for this task like:
autossh -M 0 -N -p2222 -R 12345:localhost:22 firstname.lastname@example.org
Autossh will monitor the SSH link state, and take actions when exceptions happen (e.g., reconnect if the link is lost, etc.).