SSH Reverse Tunnel

Linux Security

If you need to SSH to a host but don’t have direct SSH access, you can perform a reverse SSH tunnel. For this you need a host that will except inbound connections to work as a “jump host”, it is possible without it, where you could SSH back to your client computer; however for the purposes of this example the setup is as follows:

1. TARGETSRV – Target host you want to connect to, you will start the SSH reverse tunnel from here.

2. JUMPHOST – The host you’ll be connecting the reverse tunnel to from the TARGETSRV.

3. CLIENT – Your client computer that you’ll be SSHing from to the JUMPHOST.

The first step is to start the SSH reverse tunnel from the TARGETSRV. Here we are creating a tunnel from port 22 on the TARGETSRV to port 19999 on the JUMPHOST over port 22 SSH.

# ssh -p 22 -R 19999:localhost:22 JUMPHOST -l <user>

Now SSH to the JUMPHOST from CLIENT and run the following command:

ssh -p 19999 -l <user>

Now you will have connected to the TARGETSRV down the reverse tunnel.Especially useful if your target host is behind a firewall where direct access is not possible.

Leave a Reply

Your email address will not be published. Required fields are marked *