SSH Reverse Tunnel: Connecting Back to Local Machine from Remote Server

When working with remote servers, there are cases where you need to establish a connection back to your local machine from the remote server. This is particularly useful when:

  • You need to access local services from the remote server
  • You want to transfer files back to your local machine
  • Your local application needs to interact with processes on the remote server

The main challenge arises when your local machine doesn't have a static IP address or sits behind NAT. When you try to SSH back from the remote server using your local IP, the connection usually fails:

ssh username@local_ip # Usually fails if local machine is behind NAT

The proper solution is to establish a reverse SSH tunnel during your initial connection to the remote server:

ssh -R 2222:localhost:22 username@remote_server

This command does the following:

  • -R creates a reverse tunnel
  • 2222 is the port on the remote server
  • localhost:22 represents your local SSH server

Once the tunnel is established, from the remote server you can connect back to your local machine using:

ssh -p 2222 username@localhost

For more reliable connections, consider using autossh:

autossh -M 0 -f -N -R 2222:localhost:22 username@remote_server

Key parameters:

  • -M 0 disables autossh's own monitoring port; dead connections are then detected through the ServerAliveInterval/ServerAliveCountMax settings and autossh restarts ssh when it exits
  • -f runs in background
  • -N doesn't execute remote commands

For production environments, add these to your ~/.ssh/config:

Host remote-tunnel
    HostName remote_server
    User username
    RemoteForward 2222 localhost:22
    ServerAliveInterval 60
    ServerAliveCountMax 3

If you encounter issues:

  1. Check GatewayPorts in the remote server's sshd_config. With the default (no), sshd binds the forwarded port to loopback only, which is all you need for ssh -p 2222 localhost on the server itself; it must be enabled only if other hosts should reach that port
  2. Verify your local firewall allows incoming connections
  3. Test with -vvv for verbose debugging
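The autossh invocation and the GatewayPorts check above, as an added shell example (not part of the original page): the first function opens the tunnel with the keepalive options from the ~/.ssh/config fragment, and the second reads `ss -ltn` output on the remote server and reports whether the forwarded port is bound to loopback only or exposed to other hosts. The user, host and port are placeholders, and the sample `ss` output is constructed.

```shell
#!/bin/sh
# Added example; REMOTE and PORT are assumed placeholders, not values from the page.
REMOTE="username@remote_server"
PORT=2222

# Open the reverse tunnel in the background with keepalives so autossh notices a
# dead link. ExitOnForwardFailure makes ssh exit (and autossh retry) if the
# remote port is already in use instead of silently running without the forward.
start_tunnel() {
    autossh -M 0 -f -N \
        -o "ServerAliveInterval=60" \
        -o "ServerAliveCountMax=3" \
        -o "ExitOnForwardFailure=yes" \
        -R "${PORT}:localhost:22" "$REMOTE"
}

# Read `ss -ltn` output on stdin and print where the given port is bound:
#   loopback - 127.0.0.1 / [::1] only (GatewayPorts no, the default)
#   all      - a wildcard or public address, reachable from other hosts
#   none     - nothing is listening on that port (the forward did not come up)
listener_scope() {
    port="$1"
    awk -v p="$port" '
        NR > 1 {
            n = split($4, a, ":")          # last field after ":" is the port
            if (a[n] != p) next
            if ($4 ~ /^(127\.0\.0\.1|\[::1\]):/) { if (scope == "") scope = "loopback" }
            else scope = "all"
        }
        END { print (scope == "" ? "none" : scope) }'
}

# Constructed sample of `ss -ltn` output: the forward on 2222 is loopback-only,
# while sshd itself (22) listens on all interfaces.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:2222      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::1]:2222          [::]:*'

# Only start the tunnel when explicitly asked, so the checks can run anywhere.
if [ "${1:-}" = "start" ]; then
    start_tunnel
fi
# On the remote server: ss -ltn | listener_scope 2222   (expect "loopback")
```

With the real command, `ss -ltn | listener_scope 2222` printing "all" means the forwarded port is reachable beyond the server itself and GatewayPorts or the bind address of -R should be revisited.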

Always:

  • Use SSH keys instead of passwords
  • Restrict access with AllowTcpForwarding in sshd_config
  • Consider using VPN for more sensitive connections

When working remotely via SSH, you might need to establish a connection back to your local machine from the remote server. This is common when:

  • You need to transfer files from the remote server to a local application
  • You want to access local development services from the remote machine
  • You're debugging network configurations

Most home networks don't have static public IPs, and residential ISPs often block incoming SSH (port 22) connections. Even if you check $SSH_CLIENT for your apparent IP, it might not be reachable from the internet.

Establish the forward during your initial SSH connection to the remote server:

ssh -R 2222:localhost:22 user@remote-server

Then on the remote server, connect back via:

ssh -p 2222 localhost

For a tunnel that stays up in the background without an interactive session:

# On your local machine (run this first; it backgrounds the tunnel, then open your normal SSH session):
ssh -fN -R 2222:localhost:22 user@remote-server

# Then on remote server:
ssh -p 2222 localhost

For more complex scenarios, use a SOCKS proxy:

ssh -D 1337 -C -N user@remote-server

Configure your local applications to use localhost:1337 as a SOCKS proxy.

  • Ensure GatewayPorts yes is in your remote server's sshd_config if the forwarded port must be reachable from hosts other than the remote server itself (ssh -p 2222 localhost on the server works without it)
  • Check firewall rules on both ends with sudo ufw status
  • For home networks, consider using ngrok as a fallback: ngrok tcp 22

Always use SSH keys instead of passwords:

ssh-keygen -t ed25519
ssh-copy-id user@remote-server

And make sure AllowTcpForwarding is not set to no in the remote server's sshd_config (it is yes by default), since remote forwarding depends on it.