Creating ssh reverse tunnel

Imagine you are out of the office, but you have an important document that you have to get from your personal computer in your office. Unfortunately your computer is protected behind a firewall, making it impossible to access. But you have a server that you can access and your personal computer also can access this server. This is where ssh reverse tunnel come into action. For easy explanation, we will call your current computer as current, your server as middle and your personal computer at the office as target.

Pre-condition for ssh reverse tunnel

1. The current computer that you have can connect to port 12000 (or any other) on the middle server.
2. The middle is running an ssh daemon willing to do port-forwarding (enabled by default in OpenSSH) and the GatewayPorts feature is enabled
3. You can open an ssh connection from target to the middle in advance and leave it open.
4. The SSH daemon is running on target on port 22. In fact the port can be arbitrary and the daemon does not have to allow port forwarding. You can even establish your own (not root) ssh daemon.

Below are the steps:

1. Create a tunnel from middle to target and leave it open when you are still at the office. You cn also ask your colleague at the office to do this. The below command will open port 12000 on middle for listening and forward all request on port 12000 on middle to port 22 of target
   
• user@target $ ssh -R 12000:localhost:22 middleuser@middle
  
2. Now you can access to port 12000 on middle from current and you will be forwarded to port 22 on target
• user@current $ ssh targetuser@middle -p 12000
3. If somehow you cannot access, access middle first, then connect to port 12000 of localhost
• user@current $ ssh middleuser@middle
  
• user@middle $ ssh targetuser@localhost -p 12000
4. You are now in the target server