
How to Create a Reverse SSH Tunnel

Edited by Sicks and 1 other


Need to skirt around that pesky corporate firewall?

Or host a service while NATed?

What you need is a reverse SSH tunnel and you will be well on your way to confusing your friends trying to tell them what you've done.

Steps

  1. Server: apt-get install openssh-server
  2. Server: ssh-keygen
  3. Client: apt-get install openssh-client
  4. Client: ssh-keygen
  5. Client: ssh-copy-id user@server
  6. Server: Edit /etc/ssh/sshd_config as root.
    • Change '#PasswordAuthentication yes' to 'PasswordAuthentication no'.
    • Add 'GatewayPorts clientspecified' to the end of the file.
  7. Client: Now we create the reverse tunnel with
    ssh -R 10.0.0.111:5555:127.0.0.1:4444 user@server
    • -R requests a remote (reverse) forward: the server listens and relays incoming connections back to the client.
    • 10.0.0.111 is the IP address of the interface on your server that is facing the Internet. The server only honours this bind address because of the 'GatewayPorts clientspecified' setting from step 6.
    • 5555 is the server's port to listen on.
    • 4444 is the port to forward to on your client.
  8. Now you can open ports on the server to the Internet and forward them through your tunnel to your client.
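Step 6 says to add GatewayPorts to the end of the file, which goes wrong when sshd_config already ends with a Match block or sets the keyword earlier. The script below is an added example, not part of the original article; the function names and sample files are constructed for illustration, and it assumes plain "Keyword value" lines with no Include files.

```shell
#!/bin/sh
# Added example. sshd uses the FIRST value it reads for a keyword, and every
# line after a "Match" line belongs to that block until the next Match or EOF.
# Assumes plain "Keyword value" lines and no Include files.

# effective_global FILE KEYWORD: print the value in force outside any Match
# block (lower-cased), or "(default)" if the global section never sets it.
effective_global() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, "") }            # strip indentation
        /^#/ || /^$/ { next }             # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }           # global section ends at first Match
        key == want { print tolower($2); found = 1; exit }
        END { if (!found) print "(default)" }
    ' "$1"
}

# check_tunnel_config FILE: return 0 only if both step-6 settings are in force.
check_tunnel_config() {
    rc=0
    gp=$(effective_global "$1" GatewayPorts)
    pa=$(effective_global "$1" PasswordAuthentication)
    [ "$gp" = "clientspecified" ] ||
        { echo "GatewayPorts is $gp: the -R bind address is not honoured"; rc=1; }
    [ "$pa" = "no" ] ||
        { echo "PasswordAuthentication is $pa: password logins still accepted"; rc=1; }
    return "$rc"
}

# Constructed sample files (not taken from any real host).
SAMPLES=$(mktemp -d)
BAD="$SAMPLES/appended_after_match"
GOOD="$SAMPLES/in_global_section"
printf '%s\n' 'PasswordAuthentication no' 'Match User backup' \
    '    AllowTcpForwarding no' 'GatewayPorts clientspecified' > "$BAD"
printf '%s\n' 'GatewayPorts clientspecified' 'PasswordAuthentication no' \
    'Match User backup' '    AllowTcpForwarding no' > "$GOOD"

echo "appended after Match -> GatewayPorts: $(effective_global "$BAD" GatewayPorts)"
check_tunnel_config "$BAD" || true
check_tunnel_config "$GOOD" && echo "global section -> both settings in force"
```

On a live server, `sshd -T` run as root prints the configuration sshd has actually parsed, which also covers Include files.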


Tips

  • Use -nNR when creating the tunnel if you don't need a shell.
  • You can change the computer that the port is forwarded to by changing the local loopback address (127.0.0.1) to the IP address of that computer. So, 10.0.0.111:5555:192.168.0.2:4444 would forward port 5555 on 10.0.0.111 to port 4444 on 192.168.0.2.


Warnings

  • Keep the id_rsa file created by ssh-keygen safe! This is your private key! Give it to no one! id_rsa.pub, however, you can give out to anyone.


Things You'll Need

  • Two computers: One that you will be forwarding ports to and the other that you can open to the Internet.
  • These instructions assume both systems are running Ubuntu or a similar distro.
  • Basic knowledge of the command line might help.


Article Info

Last edited:
April 29, 2011 by MadHam