Reverse SSH – Defeating NAT and firewalls not under your control
October 10, 2009
I have a good friend learning Linux, and I’m trying to help him along as best as I can. Normally, I’d ask him to open up port 22 and start SSH, giving me a user account to log in. However, his connection is via satellite internet, and there’s some funky routing and NAT going on from the provider’s side. He doesn’t have a true external IP, and hence, can’t forward that port.
Enter reverse SSH. With reverse SSH, I had my friend use SSH to forward one of my local machine’s ports back to his own machine’s port 22. Then, I connect to my own machine via that tunnel which allows me to connect to his. It sounds more complicated than it is.
From the firewalled machine, connect to another host. This can be any machine that both parties have access to with an SSH account.
$ ssh -f -N -R 2022:localhost:22 username@remote.example.com
Once the user has connected, from the remote.example.com machine, you can SSH back to the firewalled host, like this:
$ ssh username@localhost -p2022
You’re connecting to port 2022 on your localhost, which is a tunnel back to the firewalled client’s SSH server on port 22.
That’s all there is to it.
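As an added example (not part of the original post), here is the same tunnel command built by a small shell helper that validates its arguments, binds the remote listener to loopback explicitly, and makes ssh exit instead of backgrounding silently when port 2022 cannot be bound. The function names `valid_port` and `reverse_tunnel_cmd` are hypothetical; the host, user and ports are the post's own example values.

```sh
#!/bin/sh
# Added example: print a reverse-tunnel command for the firewalled machine.

# valid_port PORT -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# reverse_tunnel_cmd REMOTE_PORT LOCAL_PORT USER@HOST
# Prints the ssh command line; it does not run it.
reverse_tunnel_cmd() {
    rt_rport=$1; rt_lport=$2; rt_target=$3
    valid_port "$rt_rport" || { echo "bad remote port: $rt_rport" >&2; return 2; }
    valid_port "$rt_lport" || { echo "bad local port: $rt_lport" >&2; return 2; }
    # A target starting with '-' would be parsed by ssh as an option.
    case "$rt_target" in
        ''|-*) echo "bad target: $rt_target" >&2; return 2 ;;
    esac
    # Only root can bind ports below 1024 on the remote host.
    [ "$rt_rport" -ge 1024 ] || echo "note: port $rt_rport needs root on the remote host" >&2
    # ExitOnForwardFailure: fail loudly if the remote port cannot be bound.
    # ServerAlive*: notice a dead link and exit instead of hanging forever.
    # 127.0.0.1: keep the listener reachable only from the remote host itself.
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:%s:localhost:%s %s\n' \
        "$rt_rport" "$rt_lport" "$rt_target"
}

# The post's example values.
reverse_tunnel_cmd 2022 22 username@remote.example.com
```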