# HG changeset patch
# User Oleksandr Gavenko <gavenkoa@gmail.com>
# Date 1228427534 -7200
# Node ID da5840c37b4edb9dc7401524cf6a28ad4534bd68
# Parent  c676a664a5efcb6bc42b9469c2e96e50b77ca507# Parent  3dc9eb26cd348df580ae5003e3b90399fdf99615
merge

diff -r 3dc9eb26cd34 -r da5840c37b4e ssh.rst
--- a/ssh.rst	Thu Dec 04 23:50:13 2008 +0200
+++ b/ssh.rst	Thu Dec 04 23:52:14 2008 +0200
@@ -50,3 +50,37 @@
      $ ssh user@192.168.1.38
    или
      $ ssh -l user 192.168.1.38
+
+* Reverse SSH Tunneling
+
+Have you ever wanted to ssh to your Linux box that sits behind NAT? Now you can with
+reverse SSH tunneling. This document will show you step by step how to set up reverse SSH
+tunneling. The reverse SSH tunneling should work fine with Unix like systems.
+
+Let's assume that Destination's IP is 192.168.20.55 (Linux box that you want to access).
+
+You want to access from Linux client with IP 138.47.99.99.
+Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99)
+
+SH from the destination to the source (with public ip) using command below:
+
+  $ ssh -R 19999:localhost:22 sourceuser@138.47.99.99
+
+port 19999 can be any unused port.
+Now you can SSH from source to destination through SSH tuneling:
+
+  $ ssh localhost -p 19999
+
+3rd party servers can also access 192.168.20.55 through Destination (138.47.99.99).
+Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99) <- Bob's server
+
+From Bob's server:
+
+  $ ssh sourceuser@138.47.99.99
+
+After the sucessful login to Source:
+
+  $ ssh localhost -p 19999
+
+The connection between destination and source must be alive at all time. Tip: you may run
+a command (e.g. watch, top) on Destination to keep the connection active.