# HG changeset patch # User Oleksandr Gavenko # Date 1228427534 -7200 # Node ID da5840c37b4edb9dc7401524cf6a28ad4534bd68 # Parent c676a664a5efcb6bc42b9469c2e96e50b77ca507# Parent 3dc9eb26cd348df580ae5003e3b90399fdf99615 merge diff -r 3dc9eb26cd34 -r da5840c37b4e ssh.rst --- a/ssh.rst Thu Dec 04 23:50:13 2008 +0200 +++ b/ssh.rst Thu Dec 04 23:52:14 2008 +0200 @@ -50,3 +50,37 @@ $ ssh user@192.168.1.38 или $ ssh -l user 192.168.1.38 + +* Reverse SSH Tunneling + +Have you ever wanted to ssh to your Linux box that sits behind NAT? Now you can with +reverse SSH tunneling. This document will show you step by step how to set up reverse SSH +tunneling. The reverse SSH tunneling should work fine with Unix like systems. + +Let's assume that Destination's IP is 192.168.20.55 (Linux box that you want to access). + +You want to access from Linux client with IP 138.47.99.99. +Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99) + +SH from the destination to the source (with public ip) using command below: + + $ ssh -R 19999:localhost:22 sourceuser@138.47.99.99 + +port 19999 can be any unused port. +Now you can SSH from source to destination through SSH tuneling: + + $ ssh localhost -p 19999 + +3rd party servers can also access 192.168.20.55 through Destination (138.47.99.99). +Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99) <- Bob's server + +From Bob's server: + + $ ssh sourceuser@138.47.99.99 + +After the sucessful login to Source: + + $ ssh localhost -p 19999 + +The connection between destination and source must be alive at all time. Tip: you may run +a command (e.g. watch, top) on Destination to keep the connection active.
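Review bot: In the added paragraph that begins "3rd party servers can also access", 138.47.99.99 is labelled "Destination", but everywhere else in the hunk it is the Source and 192.168.20.55 is the Destination; change it to "through Source (138.47.99.99)". In the same added text, "SH from the destination" should read "SSH from the destination", and "tuneling" and "sucessful" are misspelled. Both `$ ssh localhost -p 19999` lines omit the login name, so ssh will offer the local account name on Source (sourceuser) to Destination; write the command with an explicit account, for example `ssh -p 19999 destuser@localhost` (destuser is a placeholder), and say which Destination account is meant. As the Bob's server steps show, anyone who can log in to Source can reach Destination's sshd through port 19999, so the text should say that Destination needs strong authentication for every account reachable this way. For the closing tip, the client option `ServerAliveInterval` (for example `ssh -o ServerAliveInterval=60 -R 19999:localhost:22 sourceuser@138.47.99.99`) keeps the tunnel alive without leaving watch or top running on Destination.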