Reverse SSH tunneling

Contents

  1. Setting up the reverse tunnel
  2. More uses

Reverse SSH tunneling allows you to open a listening port on a remote machine that is tunneled back to your local machine. You can do all sorts of things with this, but the most common scenario is: you have a machine that cannot accept inbound connections on any port (perhaps because it sits behind NAT or a firewall), but you want to be able to connect to it from the outside.

Setting up the reverse tunnel

I have two machines: office, which is in my office behind the corporate firewall, and home, which is a machine I have sitting at home. When I'm at home, sometimes I want to connect to my office machine, but I can't do that directly because the firewall prevents inbound connections.

By setting up a reverse tunnel from office to home, I can then use the tunnel to get back into office. Of course, you have to be able to make outbound SSH connections from office for this to work.

[icydog@office ~]$ ssh -R 10000:localhost:22 home.icydog.net

This sets up a tunnel from the remote (home) port 10000 to the local (office) localhost:22, where 22 is the SSH port. (You can, of course, use any port you want instead of 10000, but ports below 1024 require root.) Now, when I get home, to SSH into my office machine I just do:

[icydog@home ~]$ ssh -p 10000 localhost

This tells SSH to connect to localhost:10000, which has a tunnel to office:22. And that's it!

More uses

This option is very flexible. If office is a Windows machine, it probably won't do you much good to have a tunnel to its port 22. But this works just as well with port 3389 (the remote desktop port). Yes, PuTTY does support the -R option.

In addition, if you replace localhost in the command line above with something else, you can have office act as a proxy. If you have an intranet site called internal that can be accessed from office but not home, you could run this:

[icydog@office ~]$ ssh -R 10000:internal:80 home.icydog.net

And then when you get home, point your browser to localhost:10000 to see what's on the internal site.
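As an added example (not commands from the original article), the script below builds both tunnel commands shown above, the one to office's port 22 and the one to internal:80, with a few extra ssh options that make a long-lived tunnel behave, and shows how to confirm on home that the forwarded port actually came up. The function names are hypothetical and the `ss -ltn` output is a constructed sample; the ssh options and the loopback-only binding of -R forwards are standard OpenSSH behaviour.

```shell
#!/bin/sh
# Added example, not part of the original article: build the reverse-tunnel
# command described above with options that keep it reliable, and check on
# "home" whether the forwarded port actually came up. Function names are
# hypothetical; the ssh options and the ss output format are real.

# Build the ssh command that opens REMOTE_PORT on SERVER and forwards it to
# TARGET_HOST:TARGET_PORT as reachable from this (office) machine. Refuses
# privileged ports, since binding below 1024 on the server needs root there.
reverse_tunnel_cmd() {
    remote_port=$1 target_host=$2 target_port=$3 server=$4
    case "$remote_port" in
        ''|*[!0-9]*) echo "bad port: $remote_port" >&2; return 1 ;;
    esac
    if [ "$remote_port" -lt 1024 ]; then
        echo "port $remote_port is privileged; binding it on $server needs root" >&2
        return 1
    fi
    # -N: forward only, no remote shell; -f: background once authenticated.
    # ExitOnForwardFailure: fail loudly if the remote port is already taken
    # instead of silently leaving you with a shell and no tunnel.
    # ServerAlive*: drop a dead session so a supervisor can restart it.
    opts='-f -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3'
    printf 'ssh %s -R %s:%s:%s %s\n' "$opts" "$remote_port" "$target_host" "$target_port" "$server"
}

# On "home", confirm there is a LISTEN socket on 127.0.0.1:PORT. Reads
# `ss -ltn` output from stdin so it can also be run over captured text.
# A -R forward binds only to loopback unless sshd has GatewayPorts enabled,
# which is why the article connects to localhost:10000 and not to home's
# public address.
tunnel_listening() {
    awk -v p="$1" '$1 == "LISTEN" && $4 == ("127.0.0.1:" p) { found = 1 }
                   END { exit found ? 0 : 1 }'
}

# Constructed sample of `ss -ltn` on home after the tunnel is established.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    127.0.0.1:10000     0.0.0.0:*'

reverse_tunnel_cmd 10000 localhost 22 home.icydog.net   # the SSH tunnel
reverse_tunnel_cmd 10000 internal 80 home.icydog.net    # the intranet proxy
printf '%s\n' "$SAMPLE_SS" | tunnel_listening 10000 \
    && echo "home is listening on 127.0.0.1:10000"
```

On a real home machine you would pipe live output instead: `ss -ltn | tunnel_listening 10000`.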