How to make a reverse SSH tunnel

What is a reverse SSH tunnel?

You want to connect your local machine to a server, so that you can use the tunnel to connect from the server to your local machine. This works without port forwarding in routers and often through firewalls.

local machine ———» starts reverse tunnel to the ———» server.

server ———» connects via the tunnel to the ———» local machine.

How to make a reverse SSH tunnel?

On the local machine execute:

ssh -p222 -nNTR 2223:localhost:22 username@

where in this example

  • 222 is the port of sshd on the server
  • 2223 is the port on the server, that will be forwarded to the local port 22
  • 22 is the port of sshd on local machine
  • username is the username on the server, should have restricted rights.
  • is the ip address of the server

Again, with placeholders:

ssh -p<sshd port server> -nNTR <forwarded port server>:localhost:<sshd port local> <username>@<ip server>

How to connect via the reverse SSH tunnel?

To connect from the server to the local machine, that initiated the tunnel, use the following command on the server:

ssh -p2223 username@localhost


  • 2223 is again the port, that was forwarded
  • username in this case is a username on the former “local machine”, not on the server

Other commands

Use autossh to keep your ssh tunnel alive, description of ports see above.

sudo apt-get install autossh
autossh -p222 -nNTR 2223:localhost:22 username@

Use public key authentification and make an @reboot cronjob to automatically create the tunnel.


how_to/make_a_reverse_ssh_tunnel.txt · Last modified: 28.11.2010 03:17 (external edit)
Recent changes RSS feed Creative Commons License Valid XHTML 1.0 Valid CSS Driven by DokuWiki
Drupal Garland Theme for Dokuwiki