Create Reverse SSH Tunnel

Owned by Joey Houy (Unlicensed)
Last updated: Oct 23, 2018

When you need to create reverse SSH tunnel from your system/node.

**This is a security risk if the tunnel is left open; please advise with your IT/SysAdmin prior to opening up reverse SSH tunnel for ANYONE. Exxact Corp is not responsible for any security-related issues/events if using the below article to assist in this procedure.**

Step-by-step guide

  1. SSH from the destination to the source (with public IP) using the command below:

    ssh –f –N –T –R 19999:localhost:22 sourceuser@138.47.99.99

## '19999' can be any unused port

  2. Now you can SSH from source to destination through SSH tunneling:

    ssh localhost -p 19999
  3. 3rd party servers can also access 192.168.20.55 through Destination (138.47.99.99)
    Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99) <- Bob's server 

    1. From Example's server:

      ssh sourceuser@138.47.99.99

    2. After the successful login to Source:

      ssh localhost -p 19999

## the connection between destination and source must be alive AT ALL TIMES
  4. Closing SSH tunnel:
    • Rebooting system
    • Find the process and kill the PID

    • Remove all SSH sessions, all of them...

      sudo killall ssh

Tips:

  • you may run a command (e.g. watch, top) on Destination to keep the connection active
  • If your system sleeps, it may close the SSH tunnel; article to disable the 'sleep/hibernate' function: Disable Ubuntu sleep timer