Reverse SSH Tunnelling

Reverse SSH tunnelling is helpful when you want to connect to a machine whose IP is not exposed, or which sits behind a router or firewall.

A typical scenario is accessing your home PC from outside when it has no exposed IP and/or sits behind a big network firewall.

What you need is,

1. a shell account in the main server. (main server here =
2. a home PC running Linux with sshd that accepts remote logins.

This is what you do.

On your home PC, run something like:

`ssh -C -g -R 1234:localhost:22`

Remember should be a valid account at because it will ask you for the password to after you issue the command. Only after you enter the correct password is the tunnel created. After that, just leave the connection open. Do not close it!

The above command tells the sshd on the main server to forward any connection made to port 1234 on its localhost to port 22 on your home PC.

Now when you go outside, you can

1. Just login to
2. and type `ssh -p 1234 localhost`
3. it will redirect you to your linux box at home :)
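
In OpenSSH, whether the port 1234 listener on the main server is reachable only from the server itself (as the `ssh -p 1234 localhost` step assumes) or from the network is decided by the server's sshd settings, not by the client's `-g`. The following added example, which is not part of the original post, classifies an sshd configuration accordingly; the function name and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how an sshd configuration treats a reverse forward
# such as the article's `-R 1234:localhost:22`.
# Reads sshd_config-style text on stdin and prints one of:
#   denied | loopback-only | all-interfaces | client-chooses
# Assumption: only the global section is evaluated (parsing stops at the first
# Match block) and PermitListen restrictions are not evaluated.
reverse_forward_policy() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }          # drop leading indentation
        /^#/ || NF == 0 { next }        # skip comments and blank lines
        {
            key = tolower($1); val = tolower($2)
            if (key == "match") exit    # per-user overrides start here
            # sshd keeps the first value it sees for each keyword.
            if (key == "allowtcpforwarding" && fwd == "") fwd = val
            if (key == "gatewayports" && gw == "") gw = val
        }
        END {
            if (fwd == "") fwd = "yes"  # OpenSSH default
            if (gw == "") gw = "no"     # OpenSSH default
            # "no" and "local" both refuse remote (-R) forwards.
            if (fwd == "no" || fwd == "local") { print "denied"; exit }
            if (gw == "yes") print "all-interfaces"
            else if (gw == "clientspecified") print "client-chooses"
            else print "loopback-only"
        }
    '
}

# Constructed sample: a server that lets the client pick the bind address,
# so a tunnel requested as `-R *:1234:localhost:22` would expose the home
# PC's sshd to anyone who can reach the main server on port 1234.
reverse_forward_policy <<'EOF'
# sample sshd_config (constructed)
AllowTcpForwarding yes
GatewayPorts clientspecified
EOF
```

On a live server, pipe the output of `sshd -T` (the effective configuration) into the function instead of the raw file.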

Good luck and have fun.


Timed out

Hmm, exactly what I need. Doesn't seem to work for me though, the reflexive connection just times out. :/

`-f` option in OpenSSH and SS

`-f` option in OpenSSH and SSH1 will give you
`Cannot fork into background without a command to execute` error.

In SSH2 you need to use `-fo` which will let you fork in the background, but the problem is, it will only make the tunnel active for 1 remote connection. After the connection is gone, so is the tunnel link!

A good workaround for this issue which applies to both SSH1, SSH2 and OpenSSH would be
`ssh -C -g -R 1234:localhost:22 sleep 30d`

This will make the tunnel active for 30 days which is already a good amount of time.

I am not sure if `-N` combined with `-f` has a solution for this problem as I have not tried it. It might solve the `Cannot fork into background without a command to execute` problem but it might still just be able to provide the tunnel for only 1 time.

Is there any way one can make his webserver accessible via this method?

webserver access

I imagine one could write a cgi script to open the client connection in the background!??!

-N for no command option

Stay away from SSH1.

The `-N` option does exactly that (protocol version 2 only) - says do not execute remote command. It will fork into background keeping the connection alive.

Fork SSH tunnel to background

Use `-N` and `-f` to fork the tunnel to background.

Command line will then look like below:

`ssh -N -f -C -g -R 1234:localhost:22`