
Reverse SSH

So once in a while I'm working remotely on a project where I'm at a different location than where the PC/Mac is situated. There are plenty of tools which are pretty good with remote desktop, though when the bandwidth is limited it's sometimes more pleasant to log in using SSH to update the remote code, or compile your application. But when the remote PC is behind a firewall you'll need the other party to correctly forward the SSH port to their IP. When this is not possible you can ask the remote party to start the SSH connection for you, so that you can log in without them having to change their router.

Basically what you need to create is a reverse SSH connection, where the computer onto which you want to login initiates the SSH tunnel.

But before this can work, make sure that you have an account on the computer onto which you want to log in, and that the remote user has an account on your computer.

1. First create the necessary accounts

On the remote computer, the one onto which you want to login, ask the user to create an account for you, if they didn't already do that. On Mac you can do that through the System Preferences > Users. Make it a standard account.

2. Make sure that SSHD is running on both computers

On Linux you need to install the appropriate package and on Mac you need to enable Remote Login, which you can find in System Preferences > Sharing > [x] Remote Login.
Make sure that your public is configured correctly to allow SSHD connections

3. Let the remote user initialise the SSH tunnel

This simply means that you ask someone at the remote location to type a command like:

ssh -4 -R 5900:localhost:22 account_for_remote_user_on_your_pc@the_public_ip_of_your_pc.com

Example:

  • My public IP: 84.105.186.000
  • Account for remote user on my PC: joel
ssh -4 -R 5900:localhost:22 joel@84.105.186.000

The remote user will be asked to enter a password, and after entering it they will be logged in to your computer. It may feel strange that the remote user needs to log in... but apparently that's how it has to work.

4. Connect to the created tunnel

Once the remote user has logged in to your PC/Mac, you can connect to the created tunnel. You do that by connecting to localhost on the port we just used (5900). So on your PC/Mac, type something like the following:

ssh -p 5900 your_account_on_the_remote_computer@localhost

Summary

Here "joel" is the remote user who will initialise the SSH tunnel, and you connect to the remote PC through local port 5900 as user roxlu. The remote PC needs to have the account roxlu.

Remote:

ssh -4 -R 5900:localhost:22 joel@84.105.186.000

Local:

ssh -p 5900 roxlu@localhost
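
A check to run on your own PC for the account you hand out in step 3, as an added example that is not part of the original post: it reads the effective sshd settings for that account and flags forwarding options wider than the -R 5900 tunnel needs. The function and sample names are made up for this example and the sample output is constructed; "joel" and port 5900 are the values used above.

```shell
#!/bin/sh
# Added example (not from the original post). Input is the effective sshd
# configuration for the tunnel account on your own PC, obtained with:
#   sudo sshd -T -C user=joel
# which prints one lowercase "keyword value" pair per line.

# audit_tunnel_account PORT: read `sshd -T` output on stdin, print one line
# per finding, return non-zero if anything was found.
audit_tunnel_account() {
    awk -v port="$1" '
        function bad(k, why) {
            printf "%s=%s: %s\n", k, (val[k] == "" ? "(unset)" : val[k]), why
            n++
        }
        { key = $1; $1 = ""; sub(/^ +/, ""); val[key] = $0 }
        END {
            if (val["gatewayports"] != "no")
                bad("gatewayports", "port " port " may listen on your public address")
            if (val["allowtcpforwarding"] != "remote")
                bad("allowtcpforwarding", "only -R (remote) forwarding is needed")
            # ssh asks for listen host "localhost" when -R names no bind address
            if (val["permitlisten"] !~ ("^(localhost:)?" port "$"))
                bad("permitlisten", "limit -R listeners to localhost:" port)
            if (val["allowagentforwarding"] != "no")
                bad("allowagentforwarding", "not needed for the tunnel")
            if (val["x11forwarding"] != "no")
                bad("x11forwarding", "not needed for the tunnel")
            exit (n > 0)
        }'
}

# Constructed sample: excerpt of `sshd -T` output with stock settings.
sample_stock() {
    printf '%s\n' 'port 22' 'gatewayports no' 'allowtcpforwarding yes' \
        'permitlisten any' 'allowagentforwarding yes' 'x11forwarding no'
}

# Constructed sample: the same excerpt after adding to sshd_config
#   Match User joel
#       AllowTcpForwarding remote
#       PermitListen localhost:5900
#       AllowAgentForwarding no
sample_restricted() {
    printf '%s\n' 'port 22' 'gatewayports no' 'allowtcpforwarding remote' \
        'permitlisten localhost:5900' 'allowagentforwarding no' 'x11forwarding no'
}

sample_stock | audit_tunnel_account 5900 || true   # prints three findings
sample_restricted | audit_tunnel_account 5900      # prints nothing
```

These settings only narrow what the account can forward; the account still gets a shell on your PC, as in step 3.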