Reverse SSH Tunnel
If you want to expose your system behind a NAT to the internet then you can use a VPS and a reverse SSH tunnel:
From the NAT-ed system:
    ssh -N -T -R 22222:localhost:22 your-vps
         ^  ^  ^ ^     ^         ^  ^
         |  |  | |     |         |  |
         |  |  | |     |         |  Address to your VPS (or non-NAT-ed) accessible system
         |  |  | |     |         |
         |  |  | |     |         Dump data on our local port 22 (our ssh port)
         |  |  | |     |
         |  |  | |     Forward to localhost (on the local system)
         |  |  | |
         |  |  | Port used by the remote system that will be forwarded
         |  |  |
         |  |  Forward remote connection to local
         |  |
         |  Disable pseudo-terminal allocation
         |
         Do not run remote commands, just forward a port
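The above makes your-vps listen on port 22222 and forward connections to port 22 on our local system. By default sshd binds a forwarded port to the loopback interface of the VPS only (GatewayPorts no), so port 22222 is reachable from the VPS itself and not directly from the internet. This command needs to keep running to keep the connection open.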
We can now connect to our local system from anywhere:
    ssh -J your-vps username@localhost -p 22222
         ^ ^        ^                  ^
         | |        |                  |
         | |        |                  Use specific port 22222
         | |        |
         | |        Your username of your local machine
         | |
         | Your VPS (the proxy)
         |
         Use a proxy to connect to something else
That's all you need to get going.
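The tunnel command above has to keep running, so here is a wrapper that restarts it when the connection drops. It is an added example, not part of the original page; the function names, the SSH and TUNNEL_BACKOFF variables, and the retry policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. "your-vps" and ports 22222/22
# are the page's values; function names, the SSH and TUNNEL_BACKOFF
# variables, and the retry policy are assumptions.

# Accept only a TCP port number in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Build the -R argument. The leading "localhost:" asks for a loopback-only
# listener on the VPS; sshd honours it unless GatewayPorts is "yes" there.
tunnel_spec() {  # $1 = port opened on the VPS, $2 = local sshd port
    valid_port "$1" && valid_port "$2" || return 1
    printf 'localhost:%s:localhost:%s\n' "$1" "$2"
}

# Restart ssh whenever it exits, doubling the pause up to 60 seconds.
# $1 = VPS host, $2 = VPS port, $3 = local port, $4 = max attempts (0 = no limit)
run_tunnel() {
    spec=$(tunnel_spec "$2" "$3") || { echo "invalid port" >&2; return 2; }
    max=${4:-0} attempts=0 delay=${TUNNEL_BACKOFF:-5}
    while :; do
        # ExitOnForwardFailure: exit if the VPS cannot bind the port instead
        #   of staying connected with no tunnel.
        # ServerAlive*: give up on a dead connection after about 90 seconds.
        "${SSH:-ssh}" -N -T \
            -o ExitOnForwardFailure=yes \
            -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
            -R "$spec" "$1" || echo "ssh exited, reconnecting" >&2
        attempts=$((attempts + 1))
        [ "$max" -gt 0 ] && [ "$attempts" -ge "$max" ] && return 1
        sleep "$delay"
        delay=$((delay * 2))
        [ "$delay" -gt 60 ] && delay=60
    done
}

# Usage (runs until interrupted):  run_tunnel your-vps 22222 22
```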
Using sockets
Alternatively, to avoid having to bind to a remote port, we can use a Unix domain socket.
    # Reverse proxy (run on the local machine):
    ssh -NTR /tmp/sock:localhost:22 your-vps

    # Using the proxy:
    ssh -At your-vps "ssh -o ProxyCommand='nc -U /tmp/sock' localhost"
SSH doesn't yet have the ability to connect to a socket; otherwise the last line in the above would be:

    ssh -J your-vps /tmp/sock

but this has not yet been merged.