Reverse SSH tunneling lets you reach a host that sits behind a firewall or NAT router by having that host create an outbound session. SSH is a very useful and powerful tool when it comes time to access a remote machine or server securely. If you have a machine behind a firewall or NAT router, you can use this method to create a tunnel to a remote server; you can then ssh to a port on the remote server to get a shell session on the machine behind the network obstruction.

Install AutoSSH with the following:

 sudo apt install autossh 

AutoSSH can be run from systemd, rc.local, cron or any other method you prefer.

autossh -M 10900 -fN -o "PubkeyAuthentication=yes" -o "StrictHostKeyChecking=false" -o "PasswordAuthentication=no" -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -R remote.host.com:16001:localhost:22 [email protected]

In the above, 16001 is the port on the remote server that you will connect to; it can be changed to your liking. After autossh is running, you can connect through your tunnel (run this on the target server, using its ssh client):

 ssh -p 16001 root@localhost 

Note that this example assumes passwordless SSH is already configured. Test your connection before setting up autossh!
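One way to run the same tunnel from systemd, as an added example that is not part of the original article. The unit name, the local account `tunnel`, the key and known_hosts paths, and the `TUNNEL_USER` placeholder for the remote login are assumptions. It differs from the command above in three ways: `-f` is dropped so systemd can supervise the process, `ExitOnForwardFailure=yes` makes ssh exit (and systemd restart it) if port 16001 cannot be bound, and `StrictHostKeyChecking=yes` is used because with checking turned off the client never verifies the identity of the server it builds the tunnel to.

```ini
# /etc/systemd/system/autossh-reverse-tunnel.service  (hypothetical unit name)
[Unit]
Description=Reverse SSH tunnel to remote.host.com (remote port 16001 to local sshd)
Wants=network-online.target
After=network-online.target

[Service]
# Assumption: a dedicated unprivileged local account that owns the tunnel key.
User=tunnel
# systemd handles restarts, so disable autossh's start-up grace period.
# (autossh only sets this to 0 by itself when -f is used.)
Environment=AUTOSSH_GATETIME=0
# No -f here: the process must stay in the foreground for systemd to track it.
# TUNNEL_USER is a placeholder for the login on the remote server.
ExecStart=/usr/bin/autossh -M 10900 -N \
    -i /home/tunnel/.ssh/id_ed25519 \
    -o "BatchMode=yes" \
    -o "PubkeyAuthentication=yes" \
    -o "PasswordAuthentication=no" \
    -o "StrictHostKeyChecking=yes" \
    -o "UserKnownHostsFile=/home/tunnel/.ssh/known_hosts" \
    -o "ExitOnForwardFailure=yes" \
    -o "ServerAliveInterval=60" \
    -o "ServerAliveCountMax=3" \
    -R remote.host.com:16001:localhost:22 \
    TUNNEL_USER@remote.host.com
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
```

Before enabling the unit, connect once by hand as the `tunnel` account and verify the server's host key fingerprint so that it is recorded in the known_hosts file; with `StrictHostKeyChecking=yes` the service will refuse to connect to a host whose key is missing or has changed.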
