Reverse SSH is used in situations where the destination machine is not reachable from the source but the destination can reach the source. Think of a NAT-ed network where the same outbound IP is used by multiple devices. This is quite common with virtual machines using NAT or servers in a remote location.
The reverse SSH tunnelling technique initiates an SSH connection from the destination to the source (hence reverse) and lets the source start new SSH connections to the destination, using that existing connection as the channel. Here are the steps:
- Create the tunnel from destination:
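$ ssh -R source_unused_PORT:localhost:22 sourceuser@source_IP
e.g.
$ ssh -R 5555:localhost:22 email@example.com
source_unused_PORT is any unused port on source; try something above 5000. By default sshd on source binds this port to the loopback interface only, so it can be reached only from source itself unless GatewayPorts is enabled there.
This tunnel has to remain alive throughout your session.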
- Connect from source to destination:
$ ssh localhost -p source_unused_PORT
e.g.
$ ssh localhost -p 5555
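One way to keep the tunnel from the first step alive for the whole session, as an added example that is not part of the original post: it reopens the connection whenever ssh exits and passes client options that make a dead or failed forward exit promptly. The SSH variable is a hypothetical dry-run hook, and the port and target in the usage line are the page's placeholders.

```sh
#!/bin/sh
# Added example: keep the reverse tunnel from the "Create the tunnel" step alive.
# SSH is a hypothetical override (assumption) so the command can be dry-run;
# it defaults to the real OpenSSH client.

# Accept only an unprivileged TCP port: digits only, 1024-65535.
valid_port() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Open one tunnel: source_unused_PORT on source -> port 22 on this machine.
open_tunnel() {
  port=$1 target=$2
  valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
  [ -n "$target" ] || { echo "usage: open_tunnel PORT user@source" >&2; return 2; }
  # -N: no remote command, the connection only carries the forward.
  # ExitOnForwardFailure: exit instead of idling if the port is already taken.
  # ServerAlive*: give up on a dead connection after about 90 s.
  # "localhost:" asks sshd to bind the listener to loopback on source
  # (GatewayPorts yes on source would still force the wildcard address).
  "${SSH:-ssh}" -N \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    -R "localhost:${port}:localhost:22" "$target"
}

# Reopen the tunnel whenever ssh exits. Exit status 2 means the arguments
# were rejected above (ssh itself reports connection errors as 255).
keep_tunnel() {
  while :; do
    open_tunnel "$1" "$2"
    rc=$?
    [ "$rc" -eq 2 ] && return 2
    echo "tunnel closed (exit $rc), retrying in 10 s" >&2
    sleep 10
  done
}

# Usage on destination: keep_tunnel 5555 sourceuser@source_IP
```

Run it on destination with key-based authentication so that reconnects do not stop at a password prompt.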
Another situation where SSH tunnelling may prove handy: reaching an unreachable host through a reachable host, where the reachable host’s network can reach the unreachable host. A simple command takes you there:
$ ssh -t reachable_host ssh unreachable_host