Nusantara Cloud

Cloud and Software Development Services

Accessing Blocked SSH-Server through Reverse-SSH Tunnel


In its simplest form, an SSH server is set up as in the picture above. In this configuration, the client talks directly to the SSH server via the IP address given by the ISP.

Unfortunately, such a setup often does not work, for reasons such as:
1. The ISP likes to make our life hard by not giving access to the modem configuration.
2. Firewall magic set up by the IT team to prevent those thirsty hackers from accessing your company's confidential data.

So what do we do? We can use an intermediary server that is publicly accessible to act as a middleman. This technique is called a Reverse SSH Tunnel. It works as shown in the following illustration:

In the illustration above, the relay computer acts as a proxy between the client and your SSH server. The user connects to port 3559 of the relay computer. In turn, the relay computer forwards the connection to port 22 of your SSH server.


Terminal Command

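# Run on private-server
# Ask the relay server to forward any connection made to its own port 3559 back to port 22 of the private server.
ssh -R :3559:localhost:22 antonius@nusantara-cloud

# Edited on the relay-server (do this before opening the tunnel, and reload sshd afterwards so it takes effect):
# Without this configured, the relay server's sshd would only relay connections made to port 3559 if they come from the loopback adapter. This makes the port accessible from the external world as well!
# Note: "sudo echo ... >> file" fails because the redirection runs as the unprivileged user, so pipe into "sudo tee -a" instead.
echo "GatewayPorts clientspecified" | sudo tee -a /etc/ssh/sshd_config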
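
Whether port 3559 ends up reachable from outside depends on both the relay's GatewayPorts value and the bind address in the -R argument. The following check is an added example, not part of the original post: the function names are hypothetical, the sample config is constructed, and it assumes whitespace-separated keywords, no Include files and no bracketed IPv6 bind addresses.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample config is constructed.

# Print the global GatewayPorts value from sshd_config text read on stdin.
# sshd uses the first value it obtains; lines after the first Match are per-match.
effective_gatewayports() {
  awk '
    /^[ \t]*#/ { next }
    { kw = tolower($1) }
    kw == "match" { exit }
    kw == "gatewayports" { print tolower($2); found = 1; exit }
    END { if (!found) print "no" }   # sshd default when unset
  '
}

# Print where sshd binds a remote forward.
# $1 = GatewayPorts mode, $2 = the argument given to ssh -R
forward_exposure() {
  mode=$1; spec=$2
  case $mode in
    no)  echo loopback; return ;;        # client bind address is ignored
    yes) echo all-interfaces; return ;;  # always the wildcard address
  esac
  # clientspecified: the bind address in the -R argument decides.
  case $spec in
    *:*:*:*) bind=${spec%%:*} ;;         # [bind_address]:port:host:hostport
    *) echo loopback; return ;;          # no bind address given
  esac
  case $bind in
    ''|'*') echo all-interfaces ;;
    localhost|127.*) echo loopback ;;
    *) echo "address $bind" ;;
  esac
}

# Constructed relay config: the appended line comes second, so it has no effect.
sample_cfg='Port 22
GatewayPorts no
GatewayPorts clientspecified'
gw=$(printf '%s\n' "$sample_cfg" | effective_gatewayports)
for spec in :3559:localhost:22 3559:localhost:22; do
  printf '%s with GatewayPorts %s -> %s\n' "$spec" "$gw" "$(forward_exposure "$gw" "$spec")"
done
```

On a real relay, feed the function the live file, for example `effective_gatewayports < /etc/ssh/sshd_config`, before relying on an appended line.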