In this tutorial we will show you how to set up a reverse SSH tunnel on Linux.
If you have a Linux machine behind NAT and a VPS, you may want to SSH from the VPS to the Linux machine behind NAT without bothering with port forwarding, or perhaps the machine behind NAT does not have a static IP address. For this there is a simple solution.
Step 1: Setting up a reverse SSH tunnel
Begin by setting up the reverse tunnel on the machine that is behind NAT by running the command below.
ssh -R 24553:localhost:22 [email protected]
Remember to replace the SSH user and IP address in the command above with your own SSH user and the IP address of your VPS.
The port used for the reverse tunnel in the command above is ‘24553’; feel free to use any other port you like, but make sure that port is open on the VPS you are connecting the reverse tunnel to. You can check ‘iptables’ to see whether the port is open by running the command below.
iptables -L -vn
If the output has a ‘DROP all’ line at the bottom, like in the example below:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
 3214 3919K ACCEPT     all  --  *      *       10.20.30.1           0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       10.20.31.2           0.0.0.0/0
 631K  855M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 329K   17M DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
or the INPUT policy is set to DROP, like in the example below:
Chain INPUT (policy DROP 329K packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
 3214 3919K ACCEPT     all  --  *      *       10.20.30.1           0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       10.20.31.2           0.0.0.0/0
 631K  855M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
then you will have to open the port in iptables by running the command below.
iptables -I INPUT 1 -p tcp --dport 24553 -j ACCEPT
Obviously, you will need to replace the ‘--dport’ value with your port number of choice.
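As an added check for this step (example code, not part of the original guide), the script below parses ‘iptables -L -vn’ output and tells you whether new connections to the tunnel port would be dropped by the INPUT chain, so you know if the ACCEPT rule above is actually needed. The sample chains are the two outputs shown in this guide, reflowed into the columns iptables prints; the ‘SAMPLE_FIXED’ chain is the second one after the ACCEPT rule for port 24553 has been inserted.

```shell
#!/bin/sh
# Added example, not from the original tutorial: decide from `iptables -L -vn`
# output whether the VPS INPUT chain would block new connections to the
# reverse-tunnel port, i.e. whether the `iptables -I INPUT 1` rule is needed.
# Chain text comes on stdin; $1 is the tunnel port (24553 in the guide).
# Exit status 0 = blocked (insert the ACCEPT rule), 1 = already reachable.
tunnel_port_blocked() {
    awk -v port="$1" '
        /^Chain INPUT/ { in_input = 1; policy_drop = ($0 ~ /policy DROP/); next }
        /^Chain /      { in_input = 0; next }           # some other chain
        !in_input || $3 == "target" || NF < 9 { next }  # column header or not INPUT
        {
            # columns: pkts bytes target prot opt in out source destination [match ...]
            extra = ""; sep = ""
            for (i = 10; i <= NF; i++) { extra = extra sep $i; sep = " " }
            wanted = ($4 == "tcp" && extra == ("tcp dpt:" port))   # explicit rule for our port
            anyall = ($4 == "all" && extra == "")                  # catch-all, no extra match
            if ($3 == "ACCEPT" && $8 == "0.0.0.0/0" && (wanted || anyall)) { accepted = 1; exit }
            if ($3 == "DROP"   && $8 == "0.0.0.0/0" && anyall)             { dropped = 1; exit }
        }
        END { exit !(!accepted && (dropped || policy_drop)) }
    '
}

# Constructed samples, reflowed from the two outputs shown in the tutorial.
SAMPLE_TRAILING_DROP='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
 3214 3919K ACCEPT     all  --  *      *       10.20.30.1           0.0.0.0/0
 631K  855M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 329K   17M DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

SAMPLE_POLICY_DROP='Chain INPUT (policy DROP 329K packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
 631K  855M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED'

# The policy-DROP chain after `iptables -I INPUT 1 -p tcp --dport 24553 -j ACCEPT`.
RULE_24553='    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:24553'
SAMPLE_FIXED=$(printf '%s\n' "$SAMPLE_POLICY_DROP" | awk -v r="$RULE_24553" 'NR == 2 { print; print r; next } { print }')

for s in "$SAMPLE_TRAILING_DROP" "$SAMPLE_POLICY_DROP" "$SAMPLE_FIXED"; do
    if printf '%s\n' "$s" | tunnel_port_blocked 24553; then echo "port 24553: blocked, add the ACCEPT rule"
    else echo "port 24553: reachable"; fi
done
```

On a live VPS, pipe the real output in with ‘iptables -L -vn | tunnel_port_blocked 24553’. Note that unless GatewayPorts is enabled in the VPS sshd configuration, the port opened by ‘-R’ listens on the VPS loopback address only, which is why step 2 connects to ‘localhost’ from the VPS itself.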
Step 2: Connecting to the SSH tunnel
This step is quite simple: you just have to run the command below on the VPS.
ssh localhost -p 24553
You can also SSH from other machines to the NAT’ed machine. To do this, first log into your VPS.
ssh [email protected]
Once you have logged into your VPS, run the command below.
ssh localhost -p 24553
Step 3: Creating a persistent SSH tunnel
The tunnel you have created is not persistent and will be dropped if the connection on the Linux machine behind NAT drops, so you will need to make the reverse SSH tunnel persistent; you can do this by installing ‘autossh’.
For Debian/Ubuntu systems you can run the command below to install autossh.
apt-get install autossh
For RHEL/CentOS systems you can run the command below to install autossh.
yum install autossh
Now create the reverse SSH tunnel on the machine behind NAT by running the command below.
# the redirections must come before the trailing & so that they apply to autossh
autossh -M 20110 -o ServerAliveInterval=20 -R 24553:localhost:22 [email protected] >/dev/null 2>&1 &
Next, log into the machine behind NAT by running the command below on the VPS.
ssh localhost -p 24553
That is all; you now have a reverse SSH tunnel successfully set up on Linux.