Reverse SSH tunnels

Reverse SSH is used when the destination machine is not reachable from the source, but the destination can reach the source. Think of a NAT-ed network where several devices share the same outbound IP. This is common with virtual machines using NAT, or with servers at a remote site.

The reverse SSH tunnelling technique initiates an SSH connection from the destination to the source (hence "reverse") and lets the source start new SSH connections that ride on that same connection as their channel. Here are the steps:

  • Create the tunnel from destination:
    $ ssh -R source_unused_PORT:localhost:22 sourceuser@source_IP
    $ ssh -R 5555:localhost:22 user@

    source_unused_PORT is any port not currently in use on the source; try something above 5000.
    This tunnel has to remain alive throughout your session: if it drops, the connections in the next step go with it.

  • Connect from source to destination:
    $ ssh localhost -p source_unused_PORT
    $ ssh localhost -p 5555
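As an added example (not from the original post), the helpers below wrap the two steps above: they pick the unused source port, build a tunnel command that fails loudly if the port is taken and notices a dead NAT mapping, and read the source's sshd_config to tell whether a port bound with -R stays on loopback or becomes reachable from the network. Function names, and the user/host values in the test call, are my own.

```shell
#!/bin/sh
# pick_unused_port START END LISTENING: print the first port in [START,END]
# that does not appear in LISTENING, a space-separated list of ports already
# bound on the source (e.g. from: ss -Hltn | awk '{sub(/.*:/,"",$4); print $4}').
# Returns 1 when every port in the range is taken.
pick_unused_port() {
    local port=$1 end=$2 listening=" $3 "
    while [ "$port" -le "$end" ]; do
        case "$listening" in *" $port "*) port=$((port + 1)); continue ;; esac
        echo "$port"
        return 0
    done
    return 1
}

# reverse_tunnel_cmd PORT USER HOST: the command to run on the destination.
# Compared with the bare "ssh -R" above it:
#   - binds the port to 127.0.0.1 on the source, never to all interfaces;
#   - sets ExitOnForwardFailure, so a port already in use is an error instead
#     of a shell that silently lacks the tunnel;
#   - sets ServerAlive*, so a dead NAT mapping is detected instead of hanging;
#   - passes -N, because the session exists only to carry the tunnel.
reverse_tunnel_cmd() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:%s:localhost:22 %s@%s\n' "$1" "$2" "$3"
}

# audit_forwarding SSHD_CONFIG: how the source's sshd treats a client's -R.
# sshd honours the first value of a keyword; this reads top-level directives
# only and stops at the first Match block. Prints one of:
#   disabled  - AllowTcpForwarding forbids remote forwards, -R will fail;
#   loopback  - the forwarded port is reachable from the source host only;
#   exposed   - GatewayPorts lets the client bind it on external interfaces.
audit_forwarding() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }
        { key = tolower($1); val = tolower($2) }
        key == "match" { exit }
        key == "allowtcpforwarding" && !("atf" in seen) { seen["atf"] = 1; atf = val }
        key == "gatewayports"       && !("gp"  in seen) { seen["gp"]  = 1; gp  = val }
        END {
            if (atf == "no" || atf == "local")               print "disabled"
            else if (gp == "yes" || gp == "clientspecified") print "exposed"
            else                                             print "loopback"
        }' "$1"
}
```

Run audit_forwarding against /etc/ssh/sshd_config on the source before relying on the loopback-only assumption; "exposed" means anyone who can reach the source can also reach port 22 on the destination through the tunnel.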

Another situation where SSH tunnelling comes in handy: reaching an unreachable host through a reachable host whose network can reach the unreachable one. A single command takes you there:

$ ssh -t reachable_host ssh unreachable_host
