What is reverse SSH tunneling? (and how to use it)

Do you need to SSH to an unreachable Linux computer? Let him call you, then dig that connection in for your own remote SSH session. We’ll show you how.

When to use reverse SSH tunneling

Sometimes remote computers are difficult to reach. The site they are on may have strict firewall rules or may have local ones admin set up complex Network address translation Rules. How do you reach such a computer when you need to connect to it?

Let’s make some labels. Your computer is the local computer because it is near you. The computer you want to connect to is the remote computer because it is in a different location from you.

To distinguish between the local and remote computers used in this article, the remote computer is named “howtogeek” and is running Ubuntu Linux (with purple terminal windows). The local computer is called “Sulaco” and runs with Manjaro Linux (with yellow terminal windows).

Usually you would fire and SSH connection from the local computer and connect to the remote computer. This is not an option in the network scenario we are describing. It really doesn’t matter what the network problem is – this is useful when you can’t access a remote computer directly via SSH.


However, if the network configuration is straightforward on your side, the remote computer can connect to you. However, that alone is not enough for your needs because it does not provide you with a working command line session on the remote computer. But it is a start. You have established a connection between the two computers.

The answer lies in reverse SSH tunneling.

What is reverse SSH tunneling?

Reverse SSH tunneling allows you to use this established connection to make a new connection from your local computer back to the remote computer.

Since the original connection was from the remote computer to you, use it in the other direction to use it “the other way around”. And because SSH is secure, you add a secure connection to an existing secure connection. This means that your connection to the remote computer acts as a private tunnel within the original connection.

And so we come to the name “Reverse SSH Tunneling”.

How does it work?

Reverse SSH tunneling relies on the remote computer using the established connection to listen for new connection requests from the local computer.

The remote computer listens on a network port on the local computer. When it detects an SSH request to this port, it forwards this connection request back to itself via the established connection. This will establish a new connection from the local computer to the remote computer.


It’s easier to set up than describe.

Use SSH reverse tunneling

SSH is already installed on your Linux computer, but you may need to start the SSH daemon (sshd) if the local computer has never accepted SSH connections.

sudo systemctl start sshd

To start the SSH daemon every time you restart your computer, use this command:

sudo systemctl enable sshd

On the remote computer we will use the following command.

  • the -R (reverse) option says ssh that new SSH sessions must be created on the remote computer.
  • The “43022: localhost: 22” says ssh that connection requests on port 43022 on the local computer should be forwarded to port 22 on the remote computer. Port 43022 was chosen because it was listed as unassigned. It’s not a special number.
  • [email protected] is the user account that the remote computer will connect to on the local computer.
ssh -R 43022:localhost:22 [email protected]

You may get a warning that you have never connected to the local computer before. Or you might see a warning when the connection details are added to the list of discovered SSH hosts. What you see, if anything, depends on whether any connections have ever been made from the remote computer to the local computer.

You will be prompted for the password of the account you are using to connect to the local computer.

Note that the prompt changes from dave @ howtogeek to dave @ sulaco when the connection is established.


We are now connected to the local computer from the remote computer. That means we can give him orders. Let’s use that who Command to display the logins on the local computer.

who

We can see that the person with the user account dave logged into the local computer and the remote computer connected (with the same user credentials) from the IP address 192.168.4.25.

How to determine the current user account on Linux

Connect to the remote computer

Since the connection from the remote computer is successful and listening for connections, we can try to connect to the remote computer from the local computer.

The remote computer listens on port 43022 on the local computer. In order to establish a connection with the remote computer, we are therefore asking – somewhat counterintuitively – for ssh to connect to the local computer on port 43022. This connection request is forwarded to the remote computer.

ssh localhost -p 43022

We will be prompted for the user account password and then connected to the remote computer from the local computer. Our Manjaro computer happily says, “Welcome to Ubuntu 18.04.2 LTS”.

Reverse SSH tunnel connection to the remote computer

Notice that the prompt has changed from dave @ sulaco to dave @ howtogeek. We have achieved our goal of SSH connection to our hard-to-reach remote computer.

Use SSH with keys

To make the connection from the remote computer to the local computer more convenient, we can set up SSH keys.

On the remote computer, enter this command:

ssh-keygen


You will be prompted for a passphrase. You can press Enter ignoring the passphrase questions, but it is not recommended. This would mean anyone on the remote computer could SSH to your local computer without being asked for a password.

Three or four words separated by symbols make a robust passphrase.

Your SSH keys will be generated.

We need to transfer the public key to the local computer. Use this command:

ssh-copy-id [email protected]

You will be asked for the password for the user account you are logging into, in this case [email protected]

The first time you make a connection request from the remote computer to the local computer, you must provide the passphrase. You don’t have to enter it again for future connection requests as long as the terminal window remains open.

Dialog box

How to create and install SSH keys from the Linux shell

Not all tunnels are scary

Some tunnels can be dark and winding, but reverse SSH tunneling isn’t too difficult to navigate if you can keep the relationship between the remote computer and the local computer clear in your head. Then turn back. To make it easier, you always can set up an SSH configuration file that allows you to streamline things like tunneling or SSH agent forwarding.

Related Posts