ssh through a router without port forwarding

linux ssh nat port-forwarding

40,901

Solution 1

What you would want to do is ssh FROM your "linux server" TO something on the outside, such as "my_other_server" or something else both servers can get to.

You would use ssh remote port forwarding.
[user@linux_server]$ ssh -R8022:localhost:22 my_other_server.com
Explaination: Connect to my_other_server and open port 8022 there which will forward back to me on port 22.

From my_other_server.com you will be able to ssh to localhost on port 8022, and have your traffic forwarded to linux_server piggybacking on the linux_server -> my_other_server tunnel [user@linux_server]$ ssh -p8022 localhost
Explaination: Connect to myself on port 8022 which is forwarded to linux_server

If you have problems with the initial linux_server -> my_other_server tunnel dropping out, you could make a script to keep it open, adjust the keepalive settings, or use autossh.

Solution 2

This answer is based on the accepted one, but adding the details that allowed me to get it done. I apologize for the pedestrian explanation, since this is not at all of my expertise.

Suppose you have two computers, A and B. You want to ssh from A to B, and you cannot do any port forwarding in the routers connected to them.

As the accepted answer states, you need a server S to do this: in computer B, you will allow ssh connections coming from S; and from computer A, you will access that tunnel at S to reach B.

But how do you get that server S? I found serveo (link: https://serveo.net/). It is of very simple use. You do not have to install anything or register and it is free. According to the website, the steps to follow are:

Think of an alias for computer B. For example, computer_B_alias.
In computer B, execute ssh -R computer_B_alias:22:localhost:22 serveo.net.
Now, you can access computer B from computer A by executing the following in computer A: ssh -J serveo.net user@computer_B_alias, where you have to substitute user by the name of the user in computer B.

P.S.: Of course, you make point 2 an automatic task when starting your computer B.

P.S.S.: Before you try this, make sure that ssh is installed in both computers. For Ubuntu, sudo apt-get install ssh would do the job.

Solution 3

You can use ngrok. The process is easy:

Register on their site
wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip
unzip ngrok-stable-linux-amd64.zip
./ngrok authtoken < unique key from your ngrok account >
./ngrok tcp 22
on the remote pc you can connect like this:
1. ssh [email protected] -p 11000

Solution 4

You can use a VPN of sorts to get this working, but it would require you to have a server that the inaccessible server can access. Then you can set up OpenVPN on the server, your PC, and the firewalled server, enable client-to-client, and you're done. http://openvpn.net/howto.html

Solution 5

Long time to answer.Hoping it could help someone who is looking for same now.

If you want to access a server behind NAT and you don't want to write code, you can probably go for a tool among below and use whatever suits to your need.

Both of the above tools assume you have the access to the linux machine to install their client Some of their benefits are :

Both gives you access to the terminal using web interface
You do not need an intermediate reverse ssh host of your own.
Very easy to install
Both are open source

I personally prefer tmate more as you can host the tmate server on your own intermediate server (for reverse ssh ) while teleconsole can only connect to their own servers for reverse ssh.

View more solutions

40,901

Jiechao Li

Updated on September 18, 2022

Comments

Jiechao Li over 1 year

I have a linux server, and I want to put it in a home network behind a router. I need to ssh to this server sometime from outside, but I don't want to set up port forwarding because I don't have access to the router, and I don't know the ip of the router either.

What I can do is to put some program in the linux server, so when it is connected to Internet, it will constantly sending data to my other server online so I know the ip address of it. But is there a way to ssh to the server behind the router from outside? something like NAT or socket that maintains the network connection?

Thanks a lot
Jiechao Li about 11 years

Thanks, that works great! I want to use script to keep it open. The other question is what if I have like 1000 such 'linux server' and only one 'my_other_server', can I ssh to any of them this way? I assume they all need different port and is there a better way to do so?
Jiechao Li about 11 years

Thanks. I am looking into this, but it seems a little complicated. If I understand correctly, I need to install OpenVPN on both server so they can communicate without configuring the router, right?
Nathan C about 11 years

Exactly. You configure a server as the "server", then the two clients you want connected together as "clients" in the config. The reverse SSH noted above seems to be easier for you, though.
MattPark about 11 years

Well that depends. Now that you are on linux_server, could you just ssh to linux_server2 and linux_server3 from there? That would be the easiest. So yes you could do this several times over, instead of using 8022 you'd use 8023, 8024. If you go that route, build a ~/.ssh/config file on "my_other_server" that contains all of the port numbers, so you just ssh [alias] instead of ssh [port] localhost. That will become cumbersome.
adamyonk over 7 years

Is it possible to set this up with just two machines? Connect B to A, the A back to B through itself?
adamyonk over 7 years

I just did it. Can confirm that it works. \o/
MattPark over 7 years

Yeah man--- obviously you figured it out. You can use something like autossh to keep it open.
DannyDannyDanny about 4 years

Thanks, this was the missing link I needed as well. Note serveo seems to be down. I found these two alternatives rather useful: ngrok & localhost.run!
Community about 2 years

As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.
DarkDiamond about 2 years

While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - From Review
Admin almost 2 years

Thank you very much for this solution. It works very well and I have upvoted this answer. Just one mistake, I think you mean [user@my_other_server.com]$ ssh -p8022 localhost