Reverse ssh tunnel

From XPUB & Lens-Based wiki

To access a local machine, behind a firewall, without a public IP, we can use a reserve ssh tunnel - a poor man's VPN.

The steps are the following:

From the machine you want to access (local machine), create an ssh tunnel to a publicly accessible server (remote machine), like pzwart1:

ssh -N -T -R 2222:localhost:22

This command establish a tunnel with a -R remote entry point between the local machine and the remote machine .

This will allow, as we'll see later, that anything attached to port 2222 on the server, to reach "localhost port 22", The other options are:

  • -f send ssh to background
  • -N saves resources, by specifiying you don't actually want to run any remote commands. If all you're creating is a tunnel, then including this option.
  • -T disables the interactive shell.

To access the localhost, from any where, all you need to do is login to the remote, as you normally do:


Once inside the remote, you simply login to its own localhost, but on port 2222, which will reach "localhost port 22", which is is our

ssh -p 2222 username(of local machine)@localhost

Note: port 2222 is an arbitrary number. We could have used any other available port.

Tunnel http traffic

The same strategy used above to tunnel SSH traffic, can be used to tunnel HTTP traffic.

Since HTTP traffic runs on port 80, instead of creating a tunnel attaching the ssh standart traffic port (22), we attach our chosen port .ie 8000 to port 80

In the local machine run:

ssh -R 8000:localhost:80

And now we can visit


Although the browser in visiting, gets to it ends with Alert!: Unable to connect to remote host.

In other tutorials it is advised to:

1. Add the following line to /etc/ssh/sshd_config (I just added it at the very end) on your remote SSH server to allow remote port forwarding:

GatewayPorts yes

2. Save the file and apply the changes with:

sudo restart ssh