For most connections, regular SSH tunneling is enough. In some scenarios, however, such as a machine behind a NAT box or firewall, you can't open a direct SSH connection to it. How do you deal with that?

The easy solution is reverse SSH tunneling. Here is how.

Suppose you want to access a remote server behind NAT.

On Remote Server

Set up a reverse SSH tunnel from the remote server to the local client. This makes port 2014 on the client forward to port 22 on the remote server.

ssh -R 2014:localhost:22 user@client

On Client

Now you can SSH to the remote server from the client.

ssh localhost -p 2014


1. If you want to keep this tunnel open for a longer period of time, make sure the SSH connection stays alive the whole time.

2. For frequent use, consider setting up a passphrase-free SSH connection.
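
One way to act on notes 1 and 2, as an added example that is not from the original post: a small wrapper for the remote server that keeps the reverse tunnel up, plus a function that prints an authorized_keys line limiting what the passphrase-free key can do on the client. The key path, the timings and the `/bin/false` path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values: the key path,
# the 30 s keepalive, the 10 s retry delay and the /bin/false path.
SSH="${SSH:-ssh}"
RELAY="${RELAY:-user@client}"            # destination used in the post
LISTEN_PORT="${LISTEN_PORT:-2014}"       # port opened on the client (post)
KEY="${KEY:-$HOME/.ssh/tunnel_ed25519}"  # assumed dedicated passphrase-free key
RETRY="${RETRY:-10}"                     # assumed seconds between reconnects

# Hold the reverse tunnel open once; returns when the connection drops.
run_tunnel() {
    # -N: forward only, no remote command
    # BatchMode: never prompt, so an unattended run fails instead of hanging
    # ExitOnForwardFailure: exit if the client cannot bind LISTEN_PORT
    # ServerAlive*: detect a dead link after 3 missed 30 s probes
    "$SSH" -N -i "$KEY" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -R "$LISTEN_PORT:localhost:22" "$RELAY"
}

# Reconnect for as long as the script runs (note 1).
keep_tunnel() {
    while :; do
        run_tunnel || echo "tunnel down, retrying in ${RETRY}s" >&2
        sleep "$RETRY"
    done
}

# Print the authorized_keys line to install on the client for the
# passphrase-free key (note 2): it may only open LISTEN_PORT on localhost
# and cannot get a shell, a PTY or any other forwarding.
authorized_keys_entry() {   # $1 = contents of the .pub file
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' \
        "$LISTEN_PORT" "$1"
}

# Usage: sh tunnel.sh start   (runs on the server behind NAT)
if [ "${1:-}" = "start" ]; then
    keep_tunnel
fi
```

The `permitlisten` option needs OpenSSH 7.8 or later in the sshd on the client.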

Advanced example:

In some cases both servers are behind firewalls or NAT boxes, so neither direct nor reverse tunneling will work.

A third server sitting between their firewalls is needed.

Suppose Server A and Server B are behind two firewalls, and Server M sits between the two firewalls.


On Server A

ssh -R 2000:localhost:22 user@M

On Server B

ssh -L 2014:localhost:2000 user@M

Now, on Server B, you can access A like this:

ssh localhost -p 2014

Server M acts as a relay point in the above case. Similarly, you can set up multiple relay points if needed.

