Reverse SSH to Access Hosts Behind the NAT


January 17, 2020

Assume you have a local machine behind NAT and there is a relay machine that has a public IP address. You want to have access to the local computer from anywhere.


Getting Started

Create SSH from Local to the Relay Machine

On the local machine, log into the relay machine over SSH, picking any available port on the relay for the reverse forward. Here we use port 10022:

# -f sends ssh to the background
# -N means there is no command to execute
#    over an established ssh connection
# -R is used for port forwarding. Any request sent to the 
#    port 10022 of the relay machine will be forwarded to 
#    the port 22 of the local machine.

ssh -fN -R 10022:localhost:22 <relay-username>@<relay-ip>

Then, from anywhere on the Internet, first ssh to the relay machine, and then from the relay machine's terminal ssh to the local machine:

Connect to the Local Machine from the Relay Machine

ssh -p 10022 <local-username>@localhost
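
Added example, not part of the original post: the two-hop login above works because sshd on the relay binds the forwarded port 10022 to loopback by default, and the relay's GatewayPorts setting can change that. This script reads a relay sshd_config and reports where the listener for a given -R argument would bind; the function names and sample configs are constructed for illustration, and it assumes no Match blocks, Include files or bracketed IPv6 bind addresses.

```shell
#!/bin/sh
# Added example: where would the relay bind the listener created by ssh -R?

# Print the global GatewayPorts value from an sshd_config file.
# sshd keeps the first value it reads for a keyword (keywords are
# case-insensitive); the OpenSSH default is "no".
# Assumption: stops at the first Match block and does not follow Include.
gateway_ports() {
    awk '
        /^[ \t]*#/ { next }
        { key = tolower($1) }
        key == "match" { exit }
        key == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# Print the bind scope for a -R argument ([bind_address:]port:host:hostport).
# Assumption: no bracketed IPv6 bind address.
forward_scope() {
    case "$(gateway_ports "$1")" in
        yes) echo "all-interfaces"; return ;;  # forced to the wildcard address
        clientspecified) ;;                    # the client's bind address decides
        *) echo "loopback"; return ;;          # "no": relay-local only
    esac
    # Fewer than three colons means no bind address was given.
    if [ "${2#*:*:*:}" = "$2" ]; then echo "loopback"; return; fi
    case "${2%%:*}" in
        ''|'*'|0.0.0.0) echo "all-interfaces" ;;
        localhost|127.0.0.1) echo "loopback" ;;
        *) echo "address:${2%%:*}" ;;
    esac
}

# Constructed sample relay configs (not from the original post).
demo_dir=$(mktemp -d)
printf '%s\n' '# relay sshd_config' 'PermitRootLogin no' > "$demo_dir/default"
printf '%s\n' 'gatewayports yes' 'GatewayPorts no' > "$demo_dir/exposed"
printf '%s\n' 'GatewayPorts clientspecified' > "$demo_dir/client"

for cfg in default exposed client; do
    printf '%-8s %s\n' "$cfg" "$(forward_scope "$demo_dir/$cfg" 10022:localhost:22)"
done
```

On a live relay, `sshd -T` prints the effective configuration and is the authoritative source for the GatewayPorts value.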
