Reverse SSH Tunneling

Updated on February 22, 2016
Reverse SSH Tunneling header image

It is a common practice among Internet Service Providers to block the majority of, if not all, incoming ports for their home subscribers — making it impossible to remotely connect to your home computer via HTTP, SSH, FTP, etc.

This tutorial will cover how to bypass these restrictions using a technique called Reverse SSH Tunneling.

Note: This tutorial assumes you are using Ubuntu. The steps, however, are expected to work for other Linux distributions.

Prerequisites:

  • An Ubuntu server instance.
  • An SSH Client on your local machine.

Step 1: Configuring SSH daemon on your server:

By default, the SSH daemon is only listening on 127.0.0.1, so we won’t be able to access our forwarded ports from outside. To get it to listen on the interface connected to the Internet we must enable the GatewayPorts option in the SSH server's configuration.

Open /etc/ssh/sshd_config using your favorite text editor.

nano /etc/ssh/sshd_config

Then add GatewayPorts yes at the bottom of the file.

After saving the file, restart the SSH daemon:

service ssh restart

Step 2: Tunneling:

If your home computer runs Linux, you’ll need to use the ssh command as follows:

ssh -R [Port to forward to on your VPS]:localhost:[Port to forward on your local machine] [VPS IP]

Or if you have installed Microsoft Windows on your machine, then you have to install plink and connect as shown:

plink -R [Port to forward to on your VPS]:localhost:[Port to forward on your local machine] [VPS IP]

In this example, we’re forwarding port 19132, which is open on your at-home machine, to port 80 on your remote server (assuming your server’s IP Address is 192.168.0.1).

ssh -R 80:localhost:19132 192.168.0.1

This will allow you to access your at-home machine from a remote location by connecting to 192.168.0.1:80.

This concludes our tutorial. Thank you for reading.