Master Reverse SSH Tunneling: Access Behind Firewalls Easily

Reverse SSH is a technique that allows you to access a system located behind a firewall from the external world.

SSH (Secure Shell) provides encrypted network communication for remote login and secure file transfer.

$ ssh [your-account-login]@[server-ip]

What is Reverse SSH?

When a firewall blocks inbound connections, you cannot directly SSH into a server behind it. However, the server can initiate outbound connections without restriction. Reverse SSH uses the -R option to let the server create a tunnel that forwards a remote port back to your local machine.

-R [bind_address:]port:host:hostport Specifies that connections to the given port on the remote (server) host are forwarded to the given host and port on the local side, establishing a secure channel for each connection.

How to Create a Reverse SSH Tunnel

On the remote server (the machine behind the firewall), run:

ssh -fN -R 7000:localhost:22 username@yourMachine-ipaddress

This command makes the remote server listen on port 7000; any connection to that port is forwarded to the server’s SSH port (22).

Then, from your local machine, connect to the forwarded port: ssh username@localhost -p 7000 Although the command appears to target localhost, the request is tunneled to the remote server, allowing you to log in with the remote account.

If you cannot rely on a friend behind the firewall each time, set up a permanently reachable machine (e.g., machine_z) that maintains the reverse tunnel.

On machine_z, configure the following SSH daemon settings in /etc/ssh/sshd_config or /etc/sshd_config:

Set appropriate values for TCPKeepAlive, ClientAliveInterval, ClientAliveCountMax, and GatewayPorts.

Restart the sshd service after any changes.

Run the initial SSH command with nohup so the tunnel persists after logout.

These steps ensure a stable reverse SSH tunnel that can be used for secure remote access without repeatedly requiring a collaborator behind the firewall.