How to bypass firewall and NAT with reverse SSH Tunnel

囚心锁ツ 2020-12-23 23:28

I'm trying to generate an SSH server in a machine behind a router.

First I tried to bind the SSH to my public IP address:

ssh -R 10002:localhost:22          


        
3 answers
  •  伪装坚强ぢ
    2020-12-24 00:02

    As you said, we have the "destination machine" (where we want to connect to using ssh), the "middle machine" (public server working as forwarder), and "other computers" (any other computer on the net).

    As @thomas-oster said you have to use

    [destination computer] $ ssh -R 2222:localhost:22 ip_of_public_server
    

    However, in order for the tunnel to bind to 0.0.0.0 instead of localhost, you have to use GatewayPorts in /etc/ssh/sshd_config on the "middle machine" (public server):

    GatewayPorts yes
    

    Of course you have to restart sshd after adding this option.

    Read http://www.snailbook.com/faq/gatewayports.auto.html for an explanation: "by default SSH only listens for connections to the forwarded port on the loopback address"

    This will allow you to connect from any computer on the net to your destination computer using the ip of the middle machine (public server):

    [any computer on the net] $ ssh -p 2222 ip_of_public_server
    

    Make sure your firewall on the public server allows connections to port 2222/tcp.
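
An added example, not part of the original answer: a shell check for the public server that shows how the GatewayPorts value decides where the forwarded port listens. It assumes a single sshd_config file with whitespace-separated keywords and no Include files; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: where will "ssh -R 2222:localhost:22" listen on the public server?

# Print the global GatewayPorts value from an sshd_config file.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and the default is "no". Parsing stops at the first
# Match block because settings below it are conditional.
gatewayports_global() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# Map a GatewayPorts value and the bind address given to -R ("" when omitted,
# as in the answer above) to the scope of the listening socket.
forward_scope() {
    case "$1" in
        yes) echo "all-interfaces" ;;
        clientspecified)
            case "$2" in
                ""|localhost|127.0.0.1|::1) echo "loopback" ;;
                "*"|0.0.0.0|::) echo "all-interfaces" ;;
                *) echo "address:$2" ;;
            esac ;;
        *) echo "loopback" ;;
    esac
}

# Constructed sample config using the setting from the answer above.
cfg=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'GatewayPorts yes' > "$cfg"
value=$(gatewayports_global "$cfg")
echo "GatewayPorts $value: port 2222 listens on $(forward_scope "$value" "")"
rm -f "$cfg"
```

On a live server, `sshd -T` prints the effective settings, including values pulled in from included files.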
