Reverse SSH tunnels

Reverse SSH is used when the destination machine is not reachable from the source, but the destination can reach the source. Think of a NAT-ed network where several devices share one outbound IP address and none of them accepts inbound connections. This is common with virtual machines using NAT or with servers at a remote site.

The reverse SSH tunnelling technique initiates an SSH connection from the destination to the source (hence "reverse") and lets the source start new SSH sessions to the destination over that same connection. Here are the steps:

  • Create the tunnel from destination:
    $ ssh -R source_unused_PORT:localhost:22 sourceuser@source_IP
    e.g.
    $ ssh -R 5555:localhost:22 user@10.10.10.10

    source_unused_PORT is any unused TCP port on source; pick an unprivileged
    one (above 1024, say above 5000). By default the listener binds only to the
    source's loopback interface, so it is reachable by anyone logged in to the
    source but not from the rest of the network unless GatewayPorts is enabled
    in the source's sshd_config. Whoever connects through it still has to
    authenticate to the destination's sshd.
    This tunnel has to remain alive throughout your session; add
    -o ServerAliveInterval=30 (or use autossh) so that a dropped connection is
    noticed and re-established rather than left hanging.

  • Connect from source to destination:
    $ ssh localhost -p source_unused_PORT
    e.g.
    $ ssh localhost -p 5555

    This logs in with your source username; use destuser@localhost if your
    account on destination has a different name.
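As an added example (not code from the original post), the two commands above wrapped in a small POSIX sh script run on the destination machine. It adds the options a practitioner would want: an explicit loopback bind address for the listener, ExitOnForwardFailure so ssh does not silently run without the forward, keepalives, and a retry loop that stands in for autossh. The port 5555, user "user" and source address 10.10.10.10 are the post's placeholders, used here only as hypothetical defaults.

```shell
#!/bin/sh
# Added example, not part of the original post: reverse SSH tunnel helper.
# Run on the DESTINATION (the NAT-ed machine). Defaults 5555 / user /
# 10.10.10.10 are hypothetical placeholders taken from the post.
set -eu

# valid_port PORT: succeed only if PORT is an unprivileged TCP port (1024-65535).
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  if [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]; then return 0; fi
  return 1
}

# reverse_tunnel_cmd PORT SRC_USER SRC_HOST: print the command that opens the
# reverse tunnel from the destination to the source.
#   127.0.0.1: prefix      bind the listener to the source's loopback only
#   ExitOnForwardFailure   fail loudly if the remote port is already taken
#   ServerAliveInterval    detect a dead connection instead of hanging forever
#   -N                     no remote shell; the session exists only for the forward
reverse_tunnel_cmd() {
  port=$1; src_user=$2; src_host=$3
  valid_port "$port" || { echo "reverse_tunnel_cmd: bad port '$port'" >&2; return 1; }
  printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:%s:localhost:22 %s@%s\n' \
    "$port" "$src_user" "$src_host"
}

# connect_back_cmd PORT DEST_USER: print the command run on the SOURCE to reach
# the destination's sshd through the tunnel, logging in as DEST_USER.
connect_back_cmd() {
  port=$1; dest_user=$2
  valid_port "$port" || return 1
  printf 'ssh -p %s %s@localhost\n' "$port" "$dest_user"
}

# keep_tunnel_alive PORT SRC_USER SRC_HOST: re-establish the tunnel whenever the
# ssh process exits (a minimal stand-in for autossh). Runs until killed.
keep_tunnel_alive() {
  cmd=$(reverse_tunnel_cmd "$@") || return 1
  while :; do
    sh -c "$cmd" || echo "tunnel exited, retrying in 5s" >&2
    sleep 5
  done
}

# Print both commands for the given (or default) parameters. Pass "up" as the
# fourth argument to actually start and maintain the tunnel.
main() {
  port=${1:-5555}; src_user=${2:-user}; src_host=${3:-10.10.10.10}
  echo "# on destination (this machine):"
  reverse_tunnel_cmd "$port" "$src_user" "$src_host"
  echo "# on source, once the tunnel is up:"
  connect_back_cmd "$port" "${USER:-$(id -un)}"
  if [ "${4:-}" = "up" ]; then
    keep_tunnel_alive "$port" "$src_user" "$src_host"
  fi
  return 0
}

main "$@"
```

Without arguments the script only prints the two commands to run; `sh tunnel.sh 5555 user 10.10.10.10 up` opens the tunnel and keeps re-opening it until you stop it. The loopback bind address is deliberate: it keeps the forwarded port off the source's external interfaces even if GatewayPorts happens to be enabled there.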

Another situation where SSH tunnelling comes in handy: reaching an unreachable host through a reachable host, where the reachable host's network can reach the unreachable host. A simple command takes you there:

$ ssh -t reachable_host ssh unreachable_host

The -t allocates a pseudo-terminal so that the inner, interactive ssh works. Note that the second ssh runs on reachable_host, so the credentials for unreachable_host must be available there. Recent OpenSSH versions also offer

$ ssh -J reachable_host unreachable_host

which uses reachable_host purely as a jump host: the connection to unreachable_host is forwarded through it and authenticated end to end from your own machine.
