
How to Setup Reverse SSH Tunnel on Linux

In this tutorial we will show you how to set up a reverse SSH tunnel on Linux.
If you have a Linux machine behind NAT and a VPS, you may want to SSH to the machine behind NAT from your VPS without bothering with port forwarding, or your machine behind NAT may not have a static IP address. A reverse SSH tunnel is a simple solution for this.

Step 1: Setting up a reverse SSH tunnel

Begin by setting up the reverse tunnel on the machine that is behind NAT by running the command below.

ssh -R 24553:localhost:22 user@111.111.111.111

 
Remember to replace the SSH user and IP address in the command above with your own SSH user and IP address.
The port used for the reverse tunnel in the command above is ‘24553’; feel free to use any other port you like. Ensure that this port is open on the VPS you are connecting the reverse tunnel to. You can check ‘iptables’ to see whether the port is open by running the command below.

iptables -L -vn

 
The output may have a DROP all line at the bottom, as in the example below.

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
 3214 3919K ACCEPT     all  --  *      *       10.20.30.1           0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       10.20.31.2           0.0.0.0/0
 631K  855M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 329K   17M DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

 
Or it may have an INPUT policy set to DROP, as in the example below.

Chain INPUT (policy DROP 329K packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
 3214 3919K ACCEPT     all  --  *      *       10.20.30.1           0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       10.20.31.2           0.0.0.0/0
 631K  855M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

 
In either case, you will have to open the port in iptables by running the command below.

iptables -I INPUT 1 -p tcp --dport 24553 -j ACCEPT

 
Make sure that the value of ‘--dport’ is replaced with your port number of choice.
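
The check described in Step 1 can be scripted. The following is an added example, not part of the original article: it reads ‘iptables -L -vn’ output and reports which target a new TCP connection to the tunnel port would hit in the INPUT chain, covering both the DROP all rule and the DROP policy cases shown above. The function names are hypothetical, and the rule matching is deliberately simplified as noted in the comments.

```shell
#!/bin/sh
# Added example (not from the original article). Simplification: only rules
# with no source/destination restriction, on any interface or lo, and with
# either no extra match or "tcp dpt:PORT", are treated as matching.

# input_verdict PORT: read `iptables -L -vn` output on stdin and print the
# target (e.g. ACCEPT or DROP) that a new TCP connection to PORT would hit.
input_verdict() {
    awk -v port="$1" '
        /^Chain INPUT/ { in_chain = 1; policy = $4; next }
        /^Chain /      { in_chain = 0; next }
        !in_chain || $1 == "pkts" || NF < 9 { next }
        {
            # Columns: pkts bytes target prot opt in out source destination [match...]
            extra = ""
            for (i = 10; i <= NF; i++) extra = extra (i > 10 ? " " : "") $i
            if ($4 != "all" && $4 != "tcp") next
            if ($6 != "*" && $6 != "lo") next
            if ($8 != "0.0.0.0/0" || $9 != "0.0.0.0/0") next
            if (extra != "" && extra != ("tcp dpt:" port)) next
            if (!decided) { verdict = $3; decided = 1 }   # first match wins
        }
        END { print (decided ? verdict : policy) }        # no match: chain policy
    '
}

# Sample input: the first listing from this article (DROP all as the last rule).
sample_rules() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
 3214 3919K ACCEPT     all  --  *      *       10.20.30.1           0.0.0.0/0
 631K  855M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 329K   17M DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

echo "port 24553: $(sample_rules | input_verdict 24553)"   # DROP
echo "port 80:    $(sample_rules | input_verdict 80)"      # ACCEPT
# On a live VPS (as root): iptables -L -vn | input_verdict 24553
```

A DROP result means the ‘iptables -I INPUT 1’ rule from this step is needed; rerunning the check after adding it should print ACCEPT.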

Step 2: Connecting to the SSH tunnel

This step is quite simple: run the command below on the VPS.

ssh localhost -p 24553

 
You could also SSH from other machines to the NAT’ed machine. To do this, first log into your VPS.

ssh user@111.111.111.111

 
Once you are logged in to the VPS, run the command below to reach the machine behind NAT.

ssh localhost -p 24553

 

Step 3: Creating a persistent SSH tunnel

The tunnel you have made is not persistent and will be dropped if the connection on the Linux machine behind NAT drops. You can make your reverse SSH tunnel persistent by installing ‘autossh’.
For Debian/Ubuntu systems you can run the command below to install autossh.

apt-get install autossh

 
For RHEL/CentOS systems you can run the command below to install autossh.

yum install autossh

 
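Now create the persistent reverse SSH tunnel on the machine behind NAT by running the command below. The ‘-N’ option tells ssh not to open a remote shell, so the tunnel can run in the background.

autossh -M 20110 -N -o ServerAliveInterval=20 -R 24553:localhost:22 user@111.111.111.111 >/dev/null 2>&1 &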

 
Next, log into the machine behind NAT by running the command below on the VPS.

ssh localhost -p 24553

 
That is all; you now have a reverse SSH tunnel successfully set up on Linux.

Updated on February 2, 2019
