Need to run SSH on an unreachable Linux computer? Call and then build this connection to get your own remote SSH session. We show you how.
When to use reverse SSH tunneling
Sometimes remote computers are hard to reach. The site where they are located may have strict firewall rules, or the local administrator may have set complex rules for network address translation. How do you reach such a computer when you need to connect to it?
Let's set up some labels. Your computer is the local computer because it is in your area. The computer you are connecting to is the remote computer because it is in a location other than yours.
To distinguish between the local computer used in this article and the remote computer, the remote computer is called "howtogeek" and runs on Ubuntu Linux (with purple terminal windows). The local computer is called "Sulaco" and runs Manjaro Linux (with yellow terminal windows).
Typically, you would start an SSH connection from the local computer and connect to the remote computer. In the network scenario we describe, this is not an option. It really does not matter which network it is. This is useful whenever you can not communicate directly with SSH through a remote computer.
However, if the network configuration on your page is straightforward, the remote computer can connect to you. However, this alone is not enough for your needs because you do not get a working command-line session on the remote computer. But it is a start. You have an established connection between the two computers.
The answer lies in reverse SSH tunneling.
What is reverse SSH tunneling?
Using reverse SSH tunneling, you can use this established connection to set up a new connection from your local computer back to the remote computer.
Since the original link came from the remote computer to it is used "in reverse". "And since SSH is secure, establish a secure connection within an existing secure connection. This means that your connection to the remote computer acts as a private tunnel within the original connection.
And so we come to the name "Reverse SSH Tunneling".
How it works
Reverse SSH tunneling based on The remote computer uses the established connection to wait for new connection requests from the local computer.
The remote computer monitors a network port on the local computer. When it detects an SSH request to this port, it forwards that connection request to itself over the established connection. This establishes a new connection between the local computer and the remote computer.
Setting up is easier than writing.
Using SSH Reverse Tunneling
SSH is already installed on your Linux computer, but you may need to start the SSH daemon (sshd) if the local computer has never previously accepted SSH connections.
sudo systemctl start sshd
Use this command to start the SSH daemon each time the computer is restarted:
sudo systemctl enable sshd19659025] sudo systemctl enable sshd in a terminal window " width="646" height="122" src="/pagespeed_static/1.JiBnMqyl6S.gif" onload="pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);" onerror="this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);"/>
On the remote computer we use the following command:
- The option
sshthat new SSH sessions need to be created on the remote computer.
- 43022: localhost: 22 "tells
sshthat connection requests should be sent to port 43022 on the local computer should be forwarded to port 22 on the remote computer. Port 43022 was selected because it is listed as unassigned. This is not a special number.
- email@example.com is the user account that the remote computer connects to on the local computer.
ssh -R 43022: localhost: 22 firstname.lastname@example.org  ssh -R 43022: localhost: 22 email@example.com in a terminal window "width =" 644 "height =" 55 "src =" / pagespeed_static / 1.JiBnMqyl6S.gif "onload =" pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon (this); "onerror =" this.onerror = null; pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon (this); "/>
You may receive a warning message that you have never connected to the local computer before, you might see a warning when adding the connection details to the list of discovered SSH hosts, and what you see, if any, depends on whether or not there's ever been a connection from the
You are prompted for the password of the account that you use to connect to the local computer.
If the Verbi In the case of an error message, dave @ howtogeek changes the prompt to dave @ sulaco.
We are now connected to the local computer of the remote computer. That means we can give him orders. Let's use the command
whoto display the logins on the local machine.who
The person with the user account is displayed The called Dave has logged in to the local computer and the remote computer has obtained the IP address 192.168.4.25 ( logged in with the same user credentials).
RELATED: How to Discover the Current User Account on Linux
How to Connect to the Remote Computer
You can use the connection from the remote computer to succeed attempt to connect to the remote computer from the local computer.  The remote computer monitors port 43022 on the local computer. So to connect to the remote computer, we ask
sshto connect to the local computer on port 43022. This connection request is forwarded to the remote computer.] ssh localhost -p 43022
We are prompted for the user account password and then connected to the remote computer from the local computer. Our Manjaro computer happily says, "Welcome to Ubuntu 18.04.2 LTS."
Note that the dave @ sulaco prompt changed to dave @ howtogeek. We've achieved our goal of establishing an SSH connection to our hard-to-reach remote computer.
Using SSH with Keys
To simplify the connection from the remote computer to the local computer, we can enable SSH keys.
Enter the following command on the remote computer:ssh-keygen
You are prompted for a passphrase. You can press Enter to ignore the passphrase questions. This is not recommended. This would mean that any user on the remote machine can make an SSH connection to your local machine without being prompted for a password.
Three or four words separated by symbols make a robust passphrase.
Your SSH keys are being generated.
We need to transfer the public key to the local computer. Use this command:ssh-copy-id firstname.lastname@example.org
You are prompted to enter the password for the user Account in which you log in, in this case email@example.com.
The first time you send a connection request from the remote computer to the local computer, you must specify the passphrase. You do not need to retype it for future connection requests, as long as this terminal window remains open.
RELATED: How to Create and Install SSH Keys from the Linux Shell
Not all Tunnels Are Scary
Some tunnels can be dark and winding, but reverse SSH tunneling is not too difficult to navigate if you can maintain the relationship between the remote computer and the local computer right in your head. Then turn it over.