# [SOLVED] 'Reverse' SSH tunneling?

## dlmalloc

I don't really know what the name of the setup I am trying to achieve is, but I'll give it my best shot at describing it.

At my uni halls the firewall setup does not allow inbound connections externally, so I am unable to ssh into my box. I have a remote server, which I have full access to. I will call my home box A, my server B, and any other machine C. The aim is to connect from C to A.

A can connect to B, B cannot connect to A. C cannot connect to A. So A must 'start' the connection. 

I want to form a connection between A and B in such a way that ssh'ing to B:12345 would be like ssh'ing to A:22. It would 'forward' the connection.

I have already partially got this working:

```
A $ ssh -R 12345:localhost:22 motif@B
```

The only trouble is that:

```
C $ ssh motif@B -p 12345
```

Does not work. I must do:

```
C $ ssh motif@B

B $ ssh motif@localhost -p 12345

A $ echo "Connected to A"
```

While this is fine for simple access, I can't use sshfs from A to C, or sftp, etc. (as far as I am aware?). The ultimate goal is to use it to stream music from my hard drive at A, work on LaTeX files remotely (rather than carry around copies on a flash disk, etc.), even watch movies when I have spare time at uni, etc.

Sorry if my explanation isn't very clear. I tried my best!

----------

## Hu

Try:

```
C $ ssh -L 54321:127.0.0.1:12345 motif@B

C $ ssh -p 54321 motif@localhost

A $
```

This connects to B and forwards C port 54321 to B's localhost:12345, which you previously forwarded to A.  It then connects to C's localhost:54321, triggering a forwarding to B's localhost:12345, triggering a forwarding to A's localhost:22.

----------

## Mad Merlin

On B, can you ssh to localhost:12345 after setting up the tunnel? Tunnels with ssh by default only listen on localhost; you can change this with (IIRC) the setting GatewayPorts. From man sshd_config:

```
     GatewayPorts
             Specifies whether remote hosts are allowed to connect to ports
             forwarded for the client.  By default, sshd(8) binds remote port
             forwardings to the loopback address.  This prevents other remote
             hosts from connecting to forwarded ports.  GatewayPorts can be
             used to specify that sshd should allow remote port forwardings to
             bind to non-loopback addresses, thus allowing other hosts to con-
             nect.  The argument may be ``no'' to force remote port forward-
             ings to be available to the local host only, ``yes'' to force
             remote port forwardings to bind to the wildcard address, or
             ``clientspecified'' to allow the client to select the address to
             which the forwarding is bound.  The default is ``no''.
```

----------

## dlmalloc

*Hu wrote:*

> This connects to B and forwards C port 54321 to B's localhost:12345, which you previously forwarded to A.  It then connects to C's localhost:54321, triggering a forwarding to B's localhost:12345, triggering a forwarding to A's localhost:22.

This works, but I would like to be able to connect to A from C in one command. This is so I can use sftp etc without having to set up PuTTY to tunnel every time. It is likely C will be a Windows machine (unfortunately).

Mad Merlin: It looks like this will work, I will try it as soon as I get a chance. Thanks for pointing it out! :)

----------
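
Added example, not part of the original thread: a small shell check for B that predicts where sshd will bind the remote forward from A, following the GatewayPorts semantics Mad Merlin quotes and the bind_address rules in ssh(1). It reads saved `sshd -T` output; the function names and the sample input are constructed for illustration, and bracketed IPv6 literals are not handled.

```shell
#!/bin/sh
# Added example: predict where sshd on B binds a remote forward (ssh -R).

# Effective GatewayPorts value from saved `sshd -T` output (keywords are
# printed in lowercase); the documented default is "no".
gateway_ports() {
    mode=$(awk '$1 == "gatewayports" { print $2; exit }' "$1")
    echo "${mode:-no}"
}

# remote_bind <sshd -T dump> <spec>, spec = [bind_address:]port:host:hostport
# Prints loopback, wildcard, or the specific address the listener gets.
remote_bind() {
    spec=$2
    only_colons=$(printf '%s' "$spec" | tr -cd ':')
    case ${#only_colons} in
        2) requested=localhost ;;      # no bind_address given
        3) requested=${spec%%:*} ;;    # bind_address given, may be empty
        *) echo "unsupported spec: $spec" >&2; return 2 ;;
    esac
    case $(gateway_ports "$1") in
        yes) echo wildcard ;;          # server forces the wildcard address
        clientspecified)
            case $requested in
                ''|'*') echo wildcard ;;
                localhost|127.0.0.1) echo loopback ;;
                *) echo "$requested" ;;
            esac ;;
        *) echo loopback ;;            # "no": loopback whatever A asks for
    esac
}

# Constructed sample: fragment of `sshd -T` output with the default setting.
sample=$(mktemp)
printf 'port 22\ngatewayports no\n' > "$sample"
echo "A's -R 12345:localhost:22 binds on B to: $(remote_bind "$sample" 12345:localhost:22)"
rm -f "$sample"
```

A `wildcard` result means A's sshd is reachable on B:12345 by any host that can reach B, so pair that setting with key-only authentication on A or a firewall rule on B limiting who may connect to the port.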

