SSH access with SSH reverse tunnel

Question

I can find a lot tutorials on the web for setting up an reverse SSH tunnel.

  ssh -p2000 -fNC -R 10011:localhost:22.user@proxy.de

But how I can become an SSH connection on my local server? I like to set up a connection from proxy(has a public IP) to localhost(which is in my home network) through the SSH reverse tunnel . I need to type from anywhere SSH commands on my localhost.

Thanks for your help Stefan

It looks like you have already set up the tunnel correctly. What exactly do you need help with? — Michael Hampton, Jun 26 '21 at 23:51
On my localhost is only port 80 and 443 open to connect with the internet — Stefan, Jun 27 '21 at 00:05
Presumably that is why you have set up the tunnel! So what exactly do you need help with? — Michael Hampton, Jun 27 '21 at 00:35
I become this error to day user@user:~$ ssh -f -N -T -R 2210:localhost:22 User@ip User@ip's password: user@user:~$ Warning: remote port forwarding failed for listen port 2210 connect_to locahost: unknown host (Temporary failure in name resolution) — Stefan, Jun 27 '21 at 09:32
i had to reboot both servers and correct the typo. And now it set up the tunnel — Stefan, Jun 27 '21 at 10:20

score 0 · Answer 1 · answered Jun 27 '21 at 10:04

Without knowing about SSH reverse proxies, are you trying from another machine/the "proxy server" (?) to connect to a local/'private' hostname of 'localhost' that maps to the local/'private' 'loopback' address that resolves to (IPv4) '127.0.0.1' (or 127.x.x.x even) or (IPv6) '::1', when the loopback address 'resolves'/equates to the local machine, and possibly only if you have a "localhost" entry within your (*NIX - UNIX/Linux) '/etc/hosts' or (Windows) 'C:\Windows\System32\drivers\etc\hosts' file.

If so, you'd might need to target the proper 'hostname' that is mapped to a proper 'private' IP address (i.e. the one assigned to the NIC/network card) - if they are both on the same network, otherwise possibly a 'public' IP address - unless NAT (Network Address Translation - private IP to public IP conversion/replacement for outgoing & vice versa for incoming) is in place to handle this for you.

score 0 · Answer 2 · answered Jan 26 '23 at 10:30

To summarize, you have on host A (proxy.net) with a public IP and host B without a public IP. You want to to enter into an ssh shell on B from A.

This can be done by forwarding a free port of A to the sshd listening port on B.

To achieve this, first if it is not already running start sshd either by entering

sshd

into a shell, or if you have systemd like

systemctl start sshd

After this, set up a reverse tunnel from B to A like this:

ssh -N -R 8890:localhost:22 <a_user>@proxy.net

The port 8890 can be exchanged with any free port on A. The port 22 is the port that the ssh deamon sshd is listening to on B. Most likely it is 22, but it could be a different port. You can find out by running

sudo netstat -lntp

There should be a line with sshd in the Progam Name column. In that line the local address columns should show something like 127.0.0.1:22. The number behind the : is the port your ssh deamon is listening on.

After setting up the remote ssh tunnel, you can ssh into B from A by running

ssh -p 8890 <b_user>@localhost

In this post I have used <a_user> for the user on A and <b_user> as tokens for the user on B.

SSH access with SSH reverse tunnel

2 Answers2