Log in to relayserver, and verify that 127.0.0.1:10022 is bound to sshd. This option is useful when you do not want to execute any command on a remote SSH server, and just want to forward ports, like in our case.Īfter running the above command, you will be right back to the command prompt of homeserver. With -fN option, SSH will go right into the background once you successfully authenticate with an SSH server. It forwards traffic on port 10022 of relayserver to port 22 of homeserver. The -R 10022:localhost:22 option defines a reverse tunnel. Just make sure that this port is not used by other programs on relayserver.
Here the port 10022 is any arbitrary port number you can choose. homeserver~$ ssh -fN -R 10022:localhost:22 On homeserver, open an SSH connection to relayserver as follows. The public IP address of relayserver is 1.1.1.1. We will be setting up a reverse SSH tunnel from homeserver to relayserver, so that we can SSH to homeserver via relayserver from another computer called clientcomputer. Let's see how we can create and use a reverse SSH tunnel. As long as the relay host is reachable to you, you can connect to your home server wherever you are, or however restrictive your NAT or firewall is in your home network. With that, you can connect "back" to the home server from the relay host (which is why it's called a reverse tunnel). What you do then is to set up a persistent SSH tunnel from the server in your home network to the public relay host. You could set up a relay host using a VPS instance with a public IP address. For this, you will need another host (so-called relay host) outside your restrictive home network, which you can connect to via SSH from where you are. The concept of reverse SSH tunneling is simple. One alternative to SSH port forwarding is reverse SSH tunneling. Besides, it can be interfered with under various ISP-specific conditions, such as restrictive ISP firewalls which block forwarded ports, or carrier-grade NAT which shares IPv4 addresses among users. However, port forwarding can become tricky if you are dealing with multiple nested NAT environment. How would you set that up? SSH port forwarding will certainly be an option. Now you want to SSH to the home server while you are away from home. You are running a Linux server at home, which is behind a NAT router or restrictive firewall.
#Persistent ssh tunnel how to#
How to access a Linux server behind NAT via reverse SSH tunnel
0 kommentar(er)
