We’ll explain how to set up a reverse SSH tunnel on Linux. Let’s say you have a Linux machine behind NAT and a VPS. You want to SSH to the Linux machine behind NAT from your VPS, but you don’t want to bother with port forwarding, or your machine behind NAT doesn’t have a static IP address. There is an easy solution: in today’s tutorial we are going to learn how to set up a reverse SSH tunnel on Linux.
1. Setting up a reverse SSH tunnel
We’ll start by setting up the reverse SSH tunnel on the machine that is behind NAT. Do that by typing in the following command:
ssh -R 24553:localhost:22 user@VPS_IP_ADDRESS
Note: Make sure to replace the SSH user and IP address in the command above with your own SSH user and IP address.
The port used for the reverse tunnel in the command above is 24553. Feel free to use whatever port you like, and make sure this port is open on the VPS you want to connect the reverse tunnel to. You can check whether the port is open in iptables by executing the following command:
iptables -L -vn
If the output has a DROP all line at the bottom like the following example:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
 3214 3919K ACCEPT     all  --  *      *       10.20.30.1           0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       10.20.31.2           0.0.0.0/0
 631K  855M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 329K   17M DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
Or an INPUT policy set to DROP like the following example:
Chain INPUT (policy DROP 329K packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
 3214 3919K ACCEPT     all  --  *      *       10.20.30.1           0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       10.20.31.2           0.0.0.0/0
 631K  855M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
Then you will need to open the port in iptables by executing the command:
iptables -I INPUT 1 -p tcp --dport 24553 -j ACCEPT
Of course, make sure to replace the value of “--dport” with your preferred port number.
2. Connecting to the SSH tunnel
This is really easy and is done by executing the following command on the VPS:
ssh localhost -p 24553
You can also SSH from other machines to the NAT’ed machine. To do that, first log in to your VPS:
ssh user@VPS_IP_ADDRESS
And then logging in to the machine from your VPS:
ssh localhost -p 24553
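Added example, not part of the original tutorial: a check for the VPS that shows whether the tunnel port is bound to loopback only (the sshd default) or to every interface (GatewayPorts yes in sshd_config), in which case opening the port in iptables makes the NAT’ed machine’s SSH service reachable from other hosts. The `ss -Hltn` listings are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.
# Reads `ss -Hltn` output on stdin and classifies how a tunnel port is bound:
#   loopback = only reachable from the VPS itself (sshd default, GatewayPorts no)
#   exposed  = bound to a non-loopback address (e.g. GatewayPorts yes)
#   absent   = nothing listening, the tunnel is down
tunnel_exposure() {
    awk -v port="$1" '
        {
            n = match($4, /:[0-9]+$/)          # $4 is "Local Address:Port"
            if (n == 0 || substr($4, n + 1) != port) next
            addr = substr($4, 1, n - 1)        # e.g. 127.0.0.1, [::1], 0.0.0.0
            found = 1
            if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
        }
        END {
            if (!found)       print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample: tunnel up, sshd on the VPS left at its defaults.
sample_default() {
    cat <<'EOF'
LISTEN 0 128   0.0.0.0:22      0.0.0.0:*
LISTEN 0 128 127.0.0.1:24553   0.0.0.0:*
LISTEN 0 128     [::1]:24553      [::]:*
EOF
}

# Constructed sample: same tunnel with GatewayPorts yes in sshd_config.
sample_gatewayports() {
    cat <<'EOF'
LISTEN 0 128   0.0.0.0:22      0.0.0.0:*
LISTEN 0 128   0.0.0.0:24553   0.0.0.0:*
LISTEN 0 128      [::]:24553      [::]:*
EOF
}

echo "defaults:         $(sample_default | tunnel_exposure 24553)"
echo "GatewayPorts yes: $(sample_gatewayports | tunnel_exposure 24553)"
echo "unused port:      $(sample_default | tunnel_exposure 24554)"
# On the VPS itself: ss -Hltn | tunnel_exposure 24553
```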
3. Creating a persistent SSH tunnel
The tunnel we created above won’t be persistent and will be dropped if the connection on the Linux machine behind NAT drops. If we want to make our reverse SSH tunnel persistent, we need to install autossh.
For Ubuntu/Debian execute the following command to install autossh:
apt-get install autossh
For RHEL/CentOS execute the following command to install autossh:
yum install autossh
Now we need to create the reverse SSH tunnel on the machine behind NAT, execute the following command:
autossh -M 20110 -N -o ServerAliveInterval=20 -R 24553:localhost:22 user@VPS_IP_ADDRESS >/dev/null 2>&1 &
And then log in to the machine behind NAT by executing the following command on your VPS:
ssh localhost -p 24553
That’s it, now you have successfully set up a reverse SSH tunnel on Linux.