Reverse SSH Tunneling

Have you ever wanted to ssh to your Linux box that sits behind NAT? You can to that by using reverse SSH tunneling. This document will show you step by step how to set up reverse SSH tunneling. The reverse SSH tunnel should work fine with any Unix like system.if(typeof __ez_fad_position != ‘undefined’){__ez_fad_position(‘div-gpt-ad-howtoforge_com-box-3-0’)};

Let’s assume that Destination’s IP is (Linux box that you want to access).if(typeof __ez_fad_position != ‘undefined’){__ez_fad_position(‘div-gpt-ad-howtoforge_com-medrectangle-3-0’)};

You want to access from Linux client with IP

Destination ( <- |NAT| <- Source (

1. SSH from the destination to the source (with public IP) using the command below:

ssh -R 19999:localhost:22 [email protected]

* port 19999 can be any unused port.

2. Now you can SSH from source to destination through SSH tunneling:

ssh localhost -p 19999

3. 3rd party servers can also access through Destination (

Destination ( <- |NAT| <- Source ( <- Bob’s server

3.1 From Bob’s server:if(typeof __ez_fad_position != ‘undefined’){__ez_fad_position(‘div-gpt-ad-howtoforge_com-medrectangle-4-0’)};

ssh [email protected]

3.2 After the successful login to Source:

ssh localhost -p 19999

* the connection between destination and source must be alive at all time.

Tip: you may run a command (e.g. watch, top) on Destination to keep the connection active.

About the Author

Leave a Reply