How to Access Firewalled Servers Using Reverse SSH Tunnels
Reverse SSH lets you reach machines behind restrictive firewalls by creating a tunnel from the remote server back to your local host with the ssh -R option. This article covers the option itself, the commands step by step, configuration tips, and a persistent intermediate machine for reliable access.
What is Reverse SSH?
Reverse SSH is a technique that enables you to access a system located behind a firewall from the outside world by establishing an SSH tunnel that originates from the remote server back to your local machine.
Using the -R Option
The SSH protocol supports encrypted communication between network nodes, allowing secure remote login and file transfer. When a firewall blocks inbound connections, you can use the -R option to reverse the direction of the tunnel.
-R [bind_address:]port:host:hostport

Specifies that the given port on the remote (server) host should be forwarded to the given host and port on the local side. The SSH daemon listens on the remote port and forwards any incoming connections through a secure channel to the local host.
Creating a Reverse SSH Tunnel
On the remote server (the machine behind the firewall), run the following command to open a reverse tunnel:
ssh -fN -R 7000:localhost:22 username@yourMachine-ipaddress

Run on the remote server, this command connects to your local machine and asks its SSH daemon to listen on port 7000; any connection arriving on that port is carried back through the tunnel to port 22 on the remote server, that is, to the remote server's own sshd. The -f flag sends ssh to the background once the connection is up, and -N tells it not to run a remote command, since the session exists only to hold the tunnel open.
From your local machine, connect through the tunnel with:

ssh username@localhost -p 7000

Although you address localhost, the connection to port 7000 is forwarded through the tunnel to the remote server's sshd, so you log in there as the remote user.
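As an added example that is not part of the original article, here is a wrapper script for the firewalled server that issues the same -R forward with a few extra OpenSSH options and restarts the tunnel whenever it drops. It assumes OpenSSH on the remote server; the variable and function names and the reverse-tunnel.sh filename are the example's own, and it keeps the article's placeholder username@yourMachine-ipaddress as the target. It swaps the article's -f for a foreground ssh -N inside a loop, because a backgrounded ssh cannot be restarted by the script that launched it.

```shell
#!/bin/sh
# Added example, not from the original article: run on the firewalled server,
# it builds the reverse-tunnel command with explicit hardening options and
# re-establishes the tunnel whenever it drops. Assumes OpenSSH; the variable
# and function names are this script's own, and TARGET is a placeholder.

REMOTE_PORT="${REMOTE_PORT:-7000}"       # port opened on the machine that accepts the tunnel
LOCAL_SSH_PORT="${LOCAL_SSH_PORT:-22}"   # sshd port on this (firewalled) server
TARGET="${TARGET:-username@yourMachine-ipaddress}"   # placeholder; set to your reachable host

# Accept only a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ssh arguments for the tunnel as one string (split by the caller).
#  -N                          no remote command, tunnel only
#  ExitOnForwardFailure=yes    exit (and so reconnect) if the port is already
#                              taken on the accepting side, instead of staying
#                              connected with no forward at all
#  ServerAliveInterval/CountMax  client-side probes: the session is torn down
#                              after 3 missed probes 30 s apart, so the loop
#                              notices a dead tunnel and restarts it
#  127.0.0.1: bind address     keep the forwarded port on the accepting
#                              machine's loopback even if its sshd has
#                              GatewayPorts enabled
reverse_tunnel_args() {
    rport="$1"; lport="$2"; target="$3"
    printf '%s' "-N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:${rport}:localhost:${lport} ${target}"
}

# Foreground loop: ssh -N blocks while the tunnel is up; when it exits, the
# loop sleeps and reconnects. Start it detached, as the article does with
# nohup, but without -f so the loop can observe the exit:
#   nohup sh reverse-tunnel.sh start >/tmp/reverse-tunnel.log 2>&1 &
tunnel_loop() {
    while :; do
        # Word splitting of the argument string is intentional here.
        ssh $(reverse_tunnel_args "$REMOTE_PORT" "$LOCAL_SSH_PORT" "$TARGET") || true
        echo "$(date '+%F %T') tunnel exited, reconnecting in 10 s" >&2
        sleep 10
    done
}

case "${1:-}" in
    start)
        if ! valid_port "$REMOTE_PORT" || ! valid_port "$LOCAL_SSH_PORT"; then
            echo "invalid port: REMOTE_PORT=$REMOTE_PORT LOCAL_SSH_PORT=$LOCAL_SSH_PORT" >&2
            exit 2
        fi
        tunnel_loop
        ;;
    *)
        echo "usage: REMOTE_PORT=7000 TARGET=user@host $0 start" >&2
        ;;
esac
```

Binding the listener to 127.0.0.1 explicitly means that even on an accepting machine whose sshd has GatewayPorts set to yes, port 7000 is reachable only from that machine itself, which is exactly the access pattern the article describes (ssh to localhost, port 7000).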
Persistent Access with a Dedicated Machine
Because the reverse tunnel has to be initiated from behind the firewall (by a friend there or by a machine you control), a practical solution is to set up an always-on machine (referred to as machine_z) that is not restricted by the firewall. You create the reverse SSH tunnel on machine_z once; afterwards you can SSH to machine_z on the specified port to reach the remote server at any time.
Configuration Recommendations
Set TCPKeepAlive, ClientAliveInterval, ClientAliveCountMax, and GatewayPorts to appropriate values in /etc/ssh/sshd_config (or /etc/ssh/ssh_config).
If you modify any of these parameters, restart the sshd daemon to apply the changes.
Run the initial reverse‑SSH command with nohup so the session persists after you log out.
Optionally, configure password-less (key-based) SSH between machine_z and the remote server so the tunnel can be established without manual password entry.
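As an added example that is not part of the original article, the script below checks the four sshd settings listed above from the effective configuration and reports whether the reverse port is listening on loopback or on every interface. It is meant for the machine that accepts the tunnel (yourMachine or machine_z), because that machine's sshd owns the port opened by -R. It assumes OpenSSH's sshd -T and iproute2's ss -ltn; the sample output embedded in it is constructed, and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the original article: audits the sshd settings the
# article recommends and reports where the reverse port is really listening.
# Run it on the machine that accepts the tunnel (yourMachine / machine_z),
# because that sshd owns the -R listener. Assumes OpenSSH with "sshd -T"
# (dumps the effective config as lowercase "key value" lines; needs root) and
# iproute2 "ss -ltn". Function names and the sample data are this script's own.

# Constructed "sshd -T" output with two weak settings.
SAMPLE_SSHD_T='port 22
clientaliveinterval 0
clientalivecountmax 3
tcpkeepalive yes
gatewayports yes'

# Constructed "ss -ltn" output: port 7000 is reachable on every interface.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:7000       0.0.0.0:*
LISTEN 0      128    127.0.0.1:7000     0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# Print the value of one sshd -T key read from stdin.
sshd_value() {
    awk -v key="$1" '$1 == key { print $2; exit }'
}

# Read sshd -T output on stdin; print one OK/WARN line per recommended setting.
audit_keepalive() {
    dump=$(cat)
    interval=$(printf '%s\n' "$dump" | sshd_value clientaliveinterval)
    countmax=$(printf '%s\n' "$dump" | sshd_value clientalivecountmax)
    keepalive=$(printf '%s\n' "$dump" | sshd_value tcpkeepalive)
    gateway=$(printf '%s\n' "$dump" | sshd_value gatewayports)

    if [ "${interval:-0}" -gt 0 ]; then
        # sshd drops the session after countmax unanswered probes sent interval seconds apart
        echo "OK   ClientAliveInterval=$interval ClientAliveCountMax=$countmax (dead tunnel detected in $((interval * ${countmax:-3})) s)"
    else
        echo "WARN ClientAliveInterval=0: a dropped tunnel is never noticed and the -R port stays bound"
    fi
    if [ "$keepalive" = "yes" ]; then
        echo "OK   TCPKeepAlive=yes"
    else
        echo "WARN TCPKeepAlive=$keepalive: no TCP-level detection of a vanished peer"
    fi
    case "$gateway" in
        no)              echo "OK   GatewayPorts=no: -R ports bind to loopback only" ;;
        clientspecified) echo "OK   GatewayPorts=clientspecified: bind address comes from the -R argument" ;;
        *)               echo "WARN GatewayPorts=$gateway: -R ports bind to all interfaces unless the client names one" ;;
    esac
}

# Classify how a port is bound from "ss -ltn" output on stdin: prints
# loopback, exposed (at least one non-loopback listener), or absent.
listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); p = a[n]
            if (p != port) next
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") { if (scope == "") scope = "loopback" }
            else scope = "exposed"
        }
        END { print (scope == "" ? "absent" : scope) }'
}

case "${1:-demo}" in
    demo)   # run against the constructed samples
        printf '%s\n' "$SAMPLE_SSHD_T" | audit_keepalive
        echo "port 7000 listener: $(printf '%s\n' "$SAMPLE_SS" | listener_scope 7000)"
        ;;
    live)   # real data on the accepting machine; sshd -T needs root
        sshd -T | audit_keepalive
        ss -ltn | listener_scope "${2:-7000}"
        ;;
esac
```

Run it with no arguments to see the report on the constructed samples, or with "live 7000" on the accepting machine after the tunnel is up. An "exposed" result for the reverse port means anyone who can reach that machine's network interfaces can attempt logins against the firewalled server's sshd through the tunnel, so it is the one thing worth checking after changing GatewayPorts.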
Liangxu Linux
Liangxu, a self-taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge: fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc.