# HG changeset patch # User Oleksandr Gavenko # Date 1228223085 -7200 # Node ID c676a664a5efcb6bc42b9469c2e96e50b77ca507 # Parent 743f7a15697a67a1d1439816b2806da68728a834 Reverse SSH Tunneling. diff -r 743f7a15697a -r c676a664a5ef ssh.rst --- a/ssh.rst Mon Dec 01 22:51:09 2008 +0200 +++ b/ssh.rst Tue Dec 02 15:04:45 2008 +0200 @@ -50,3 +50,37 @@ $ ssh user@192.168.1.38 или $ ssh -l user 192.168.1.38 + +* Reverse SSH Tunneling + +Have you ever wanted to ssh to your Linux box that sits behind NAT? Now you can with +reverse SSH tunneling. This document will show you step by step how to set up reverse SSH +tunneling. The reverse SSH tunneling should work fine with Unix like systems. + +Let's assume that Destination's IP is 192.168.20.55 (Linux box that you want to access). + +You want to access from Linux client with IP 138.47.99.99. +Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99) + +SH from the destination to the source (with public ip) using command below: + + $ ssh -R 19999:localhost:22 sourceuser@138.47.99.99 + +port 19999 can be any unused port. +Now you can SSH from source to destination through SSH tuneling: + + $ ssh localhost -p 19999 + +3rd party servers can also access 192.168.20.55 through Destination (138.47.99.99). +Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99) <- Bob's server + +From Bob's server: + + $ ssh sourceuser@138.47.99.99 + +After the sucessful login to Source: + + $ ssh localhost -p 19999 + +The connection between destination and source must be alive at all time. Tip: you may run +a command (e.g. watch, top) on Destination to keep the connection active.
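Review bot: in the added "3rd party servers" sentence, 138.47.99.99 is labelled "Destination", but every other line in this hunk, including the diagram directly beneath it, calls that host Source and 192.168.20.55 Destination; it should read "through Source (138.47.99.99)". The same added text has three typos: "SH from the destination" should be "SSH from the destination", "tuneling" should be "tunneling", and "sucessful" should be "successful". The section title uses "* Reverse SSH Tunneling", which reStructuredText reads as a bullet item rather than a heading, so an underlined title would fit ssh.rst better. For the closing tip, consider documenting the ssh client option ServerAliveInterval instead of leaving watch or top running on Destination just to hold the session open. It would also help to state that port 19999 on Source hands any local user there a path to Destination's sshd, so accounts on Destination still need strong authentication.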