Article

Table of Contents
Theme:
Was this article helpful?

1  out of  2 found this helpful

Try Vultr Today with

$50 Free on Us!

Want to contribute?

You could earn up to $600 by adding new articles.

Reverse SSH Tunneling

Last Updated: Mon, Feb 22, 2016
Linux Guides Networking Ubuntu

It is a common practice among Internet Service Providers to block the majority of, if not all, incoming ports for their home subscribers — making it impossible to remotely connect to your home computer via HTTP, SSH, FTP, etc.

This tutorial will cover how to bypass these restrictions using a technique called Reverse SSH Tunneling.

Note: This tutorial assumes you are using Ubuntu. The steps, however, are expected to work for other Linux distributions.

Prerequisites:

  • An Ubuntu server instance.
  • An SSH Client on your local machine.

Step 1: Configuring SSH daemon on your server:

By default, the SSH daemon is only listening on 127.0.0.1, so we won’t be able to access our forwarded ports from outside. To get it to listen on the interface connected to the Internet we must enable the GatewayPorts option in the SSH server's configuration.

Open /etc/ssh/sshd_config using your favorite text editor.

nano /etc/ssh/sshd_config

Then add GatewayPorts yes at the bottom of the file.

After saving the file, restart the SSH daemon:

service ssh restart

Step 2: Tunneling:

If your home computer runs Linux, you’ll need to use the ssh command as follows:

ssh -R [Port to forward to on your VPS]:localhost:[Port to forward on your local machine] [VPS IP]

Or if you have installed Microsoft Windows on your machine, then you have to install plink and connect as shown:

plink -R [Port to forward to on your VPS]:localhost:[Port to forward on your local machine] [VPS IP]

In this example, we’re forwarding port 19132, which is open on your at-home machine, to port 80 on your remote server (assuming your server’s IP Address is 192.168.0.1).

ssh -R 80:localhost:19132 192.168.0.1

This will allow you to access your at-home machine from a remote location by connecting to 192.168.0.1:80.

This concludes our tutorial. Thank you for reading.

Want to contribute?

You could earn up to $600 by adding new articles.

本网站的中文版本仅供参考,以英文版本为准。