
Reverse Proxy into Linux via SSH

These instructions establish a reverse SSH proxy (an SSH remote port forward) when the server starts.

This is useful for reaching a server that sits behind gateways or firewalls.

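Install SSH keys on the remote and local servers. The private key the tunnel uses (/sshtunnel/.ssh/id_rsa) stays on the local server, and its public key must be authorized for user on the remote host.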

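Confirm that the command works on its own before setting it up as a service. ExitOnForwardFailure makes ssh exit if port 2220 cannot be bound on the remote host, instead of staying connected without a tunnel.

/usr/bin/ssh -NT -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" \
  -o "ExitOnForwardFailure=yes" \
  -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" \
  -i /sshtunnel/.ssh/id_rsa -R 2220:localhost:22 user@remotehost.com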

On the remote server you can then log in to the local server through the tunnel:

ssh user@localhost -p 2220

Create a service file /etc/systemd/system/sshtunnel.service containing:

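[Unit]
Description=SSH Tunnel
# After= only orders startup; Wants= is what pulls network-online.target in.
Wants=network-online.target
After=network-online.target ssh.service

[Service]
User=sshtunnel
# ExitOnForwardFailure makes ssh exit when port 2220 cannot be bound on the
# remote host, so Restart=always can retry instead of leaving a dead tunnel.
ExecStart=/usr/bin/ssh -NT -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure=yes" -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /sshtunnel/.ssh/id_rsa -R 2220:localhost:22 user@remotehost.com
RestartSec=5
Restart=always

[Install]
WantedBy=multi-user.target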

Enable SSH Tunnel Service

systemctl enable sshtunnel

Start SSH Tunnel

systemctl start sshtunnel

Get SSH Tunnel Status

systemctl status sshtunnel
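
For the "Install SSH keys" step, the tunnel key can be limited on remotehost.com to the single reverse forward it needs, so that a copy of /sshtunnel/.ssh/id_rsa taken from the local server is not a shell login on the remote host. This is an added example, not part of the original instructions: the function names are hypothetical, the sample key is constructed, /bin/false is an assumed path, and permitlisten requires OpenSSH 7.8 or later on the remote host.

```sh
#!/bin/sh
# Added example, not from the original page. Run on remotehost.com.

# tunnel_entry PORT "PUBKEY_LINE": print an authorized_keys entry that lets
# the key hold a reverse forward on localhost:PORT and nothing else.
tunnel_entry() {
    port=$1
    set -f; set -- $2; set +f      # split into: key type, base64 blob, comment
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1024 ] && [ "$port" -le 65535 ] || return 1   # unprivileged only
    # Any other first field means the line already has options or is not a
    # public key at all (for example a pasted private key).
    case ${1:-} in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    case ${2:-} in ''|*[!A-Za-z0-9+/=]*) return 1 ;; esac
    # restrict: no pty, agent/X11 forwarding, user rc or port forwarding.
    # port-forwarding + permitlisten: re-allow only -R on this one port.
    # command: -N opens no session, so this only blocks shell use of the key.
    printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s %s %s\n' \
        "$port" "$1" "$2" "${3:-sshtunnel}"
}

# unrestricted_keys: read an authorized_keys file on stdin and print the line
# numbers of key entries whose options lack restrict or permitlisten.
unrestricted_keys() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac   # blank line or comment
        opts=${line%% AAAA*}       # every key blob starts with AAAA; keep what precedes it
        case $opts in
            *restrict*permitlisten=*|*permitlisten=*restrict*) ;;
            *) echo "$n" ;;
        esac
    done
}

# Constructed sample public key (all-zero ed25519 blob), standing in for id_rsa.pub.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA sshtunnel@localserver'
tunnel_entry 2220 "$SAMPLE_KEY"
```

Append the printed line to the authorized_keys file of user on remotehost.com in place of the bare public key, then run unrestricted_keys against that file to confirm no other entry is left unrestricted.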