A basic setup for reverse SSH tunnels
This repo provides files to help with the setup of a reverse SSH tunnel. This method can be used to connect to a computer hidden behind a firewall or some otherwise restrictive network policy.
Throughout this repo, the familiar terms "local" and "remote" have been replaced by the conceptually clearer (to me) terms of "visible" and "hidden", where "visible" refers to the computer that you have direct access to, and "hidden" refers to the computer behind the restrictive network policy.
The files in this repo should be run from the hidden computer to establish a persistent SSH connection to an SSH server on the visible computer. The user can then connect back to the hidden computer from the visible computer using a reverse tunnel on the persistent connection.
Usage
Clone this repository on the hidden computer.
Copy the file reversetunnel.conf.example
to a new location
cp reversetunnel.conf.example reversetunnel.conf
and edit the variables in the copied file for your setup.
You may need to create an SSH public key pair and install the public key
in ~/.ssh/authorized_keys
on the visible computer.
Start the persistent SSH connection on the hidden computer with
./reversetunnel.sh reversetunnel.conf
Now from the visible computer, connect to the hidden computer with
-p "$VISIBLELOCALPORT" hidden-user@localhost
It can be useful to maintain this persistent connection with a launchd on
MacOS or a systemd unit on Linux. You can find an example template for a
launchd job in local.reversetunnel.plist
.