HowTo: Create a Reverse SSH Tunnel

Thursday, February 11, 2010 by BBTUNA
Written by Steve Lake
Posted on: Jun 20, 2008 at 08:06am
Section: Tutorials

There are times in your life when you may find yourself needing to access some files on your office computer from home, but unable to do so because your company employs a firewall to protect its network from hackers. Since a snowball has a better chance of surviving in hell than you do of getting your network administrator to open a port in the firewall so you can SSH into your work computer from home, you're going to need to come up with another way to get access to your machine. This is where a Reverse SSH Tunnel will come in handy. The command to do this is extremely simple. From your work computer, type the following:

ssh -l username -nNT -R 1100:172.16.42.80:22 12.24.79.186

That's it. Just replace each of the highlighted items (the username, the port 1100, 172.16.42.80:22 and 12.24.79.186) with the appropriate local values and you're all set. Now, before I leave you totally confused as to what each of these does, let me break this down so you understand it better.

Username - Obviously this is your non-root user at home. So if you log in to your BSD or Linux box with the username "bobwhite", you'd replace "username" above with "bobwhite".

1100: - This will be the local port on your home computer you will connect to. I'll explain more how to use this later. But you'll want to make sure it's a port other than what you have SSH listening on. SSH normally listens on port 22, but if you've moved it to say, port 300, then you won't want this port ID to be 300. 1100 is a pretty good number so you can be sure not to step on the toes of any other services running.

172.16.42.80:22 - This is the IP address and local port on your work computer. So if your work computer has the IP address of 172.16.42.80, then you'd enter that there. Or for example, if your IP was 10.0.23.56, you'd use that instead. Now as a side note, you can use your work computer as a middleman for connecting to another machine inside the firewall rather than your own. By changing the IP and port number to those of the machine you'd rather connect to, you will be able to ssh into that other machine from home without first having to stop at your own machine. The kicker is, if you want to get into your machine later on, you'll either need to restart the ssh session on your work computer, or ssh back to it from the machine you got forwarded to.

12.24.79.186 - This will be the IP address of your workstation or server at home you're connecting into.

Well, that's pretty much it. There are two additional options you'll need to use if you're A) connecting to your machine at home through a port other than 22, and/or B) using an SSH static public/private key. To do either of these, you'll need to add the following options to your ssh command line:

-p 300 - The "-p" tells SSH that you want to specify a port. 300 is of course an example of whatever your home ssh server listens on.

-i id_dsa - The "-i" option tells SSH that you want to use an "identity" file (aka a public/private keypair) to connect to the remote server rather than an automatically generated one. This is important if you've set up your sshd_config file similar to the configuration shown here.

Once the connection is established from your work computer, you should be able to connect from home anytime you want. Just remember two things. The first is to consider using AutoSSH to keep the connection alive in case it should drop, and the second is that you've technically just opened a hole through the firewall and into your network for the world to exploit. Now the likelihood of someone exploiting it is very slim to none, but there's still that chance, so don't get all willy-nilly with it when you use it. Only use it on nights when you expect to have a need to connect to your machine and shut it off during the day while you're at work.
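
Because the tunnel is a standing path through the firewall, it helps to be able to see which reverse forwards are running on a machine and where they were asked to listen. The script below is an added example, not part of the original post: it reads process command lines (for instance from ps -eo args) and reports each -R forward it finds. It assumes "-R spec" or "-Rspec" appears as its own argument and that addresses are IPv4 or hostnames; the sample input is constructed from the addresses used above.

```sh
#!/bin/sh
# Added example: report ssh reverse forwards found in process command lines.
# Prints "<listen_port> <target_host>:<target_port> <exposure>" per forward.
# <exposure> is what the client requested; sshd's GatewayPorts setting on the
# listening side has the final say over the bind address.

parse_remote_forward() {
    spec=$1
    old_ifs=$IFS; IFS=:
    set -f; set -- $spec; set +f      # split on ':' without globbing '*'
    IFS=$old_ifs
    case $# in
        3) bind=localhost; lport=$1; thost=$2; tport=$3 ;;  # default: loopback
        4) bind=$1;        lport=$2; thost=$3; tport=$4 ;;
        *) return 0 ;;                # other forms are not handled here
    esac
    # Both ports must be non-empty and numeric.
    case "$lport:$tport" in :*|*:|*[!0-9:]*) return 0 ;; esac
    case $bind in
        localhost|127.0.0.1) exposure=loopback ;;
        ''|'*')              exposure=all-interfaces ;;
        *)                   exposure=address:$bind ;;
    esac
    printf '%s %s:%s %s\n' "$lport" "$thost" "$tport" "$exposure"
}

find_reverse_forwards() {
    while IFS= read -r line; do
        set -f; set -- $line; set +f  # split the command line into words
        case ${1##*/} in ssh|autossh) ;; *) continue ;; esac
        shift
        while [ $# -gt 0 ]; do
            case $1 in
                -R)   if [ $# -ge 2 ]; then parse_remote_forward "$2"; shift; fi ;;
                -R?*) parse_remote_forward "${1#-R}" ;;
            esac
            shift
        done
    done
    return 0
}

# Constructed sample input (in practice: ps -eo args | find_reverse_forwards).
find_reverse_forwards <<'EOF'
/usr/bin/ssh -l username -nNT -R 1100:172.16.42.80:22 12.24.79.186
ssh -N -R *:1100:172.16.42.80:22 -p 300 12.24.79.186
vim notes.txt
EOF
```

A forward reported as loopback, like the command in this post, is reachable only from the home machine itself; all-interfaces means the listener was requested on every address of that machine.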

Also, another note of interest. When you start the session, you'll need to do one of three things. Leave the console window open with the session running, do the command and follow it with an & sign to allow the process to become separated from the console so that it can allow you to do other things while it's running (you'll still need to keep the console window open when you're done or it'll kill the session), or start a screen session and start this process in there and then detach the screen session to leave it running.

And one other thing: when the command starts, you won't get any feedback that it's running. At most you'll be asked for your passkey for your public key file, or your login credentials. After that it will act like a hung process that's not doing anything, but actually it's fine. To test your tunnel, just open a second console window and ssh to your home computer. Once in, ssh to localhost and port 1100 (or whatever port you chose) and log in to your work computer. If you did it right, you should now find yourself ssh'ed into your work PC.

From home all you'll need to do is ssh either to localhost (if you're on the same machine your work PC is ssh'ed into) or the IP of the machine you connected to from work, on the port you specified, and you will be able to log in to your machine at work. It's just that simple. You're essentially riding an existing ssh session backwards to your computer at work.