Reverse SSH connection

Imagine that you have a host (named A) somewhere that has no publicly reachable IP address but you would like to connect it via SSH. If this host A can reach outside, then you can reverse SSH into it. Here is the scenario;

Host A (192.168.1.1) — ¬†INTERNET —- Host C (10.10.10.1)

On host A, run the following command;

HostA#ssh -R 2025:localhost:22 usernameC@10.10.10.1

Once you authenticate yourself, this opens a tunnel from Host C to Host A but
from port 2025 to 22. If you want to connect from Host C to Host B back you can simply run;

HostC#ssh -p 2025 usernameA@localhost

Can you see that as if you are connecting to localhost? but indeed connection is tunneled towards the Host A

About: rtoodtoo

Genco has worked for more than 10 years as a Network/Support Engineer. He is also interested in Python, Linux, Security and SD-WAN, currently lives in the Netherlands and works as a Network Support Engineer at Tesla Inc. // JNCIE-SEC #223 / RHCE / PCNSE


You have a feedback?

This site uses Akismet to reduce spam. Learn how your comment data is processed.