4th Floor, 4 Tabernacle Street London EC2A 4LU

Reverse Proxy into Linux via SSH

Instructions to establish a reverse SSH proxy on server startup.

Useful for setting up a server behind gateways/firewalls.


Install SSH keys on the remote and local server.

Note the command should work independently before setting up as a service.

/usr/bin/ssh -NT -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" 
-o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /sshtunnel/.ssh/id_rsa -R 2220:localhost:22 user@remotehost.com

On the remote server you can login via the tunnel

ssh user@localhost -p 2220


Create a service file /etc/systemd/system/sshtunnel.service containing:

Description=SSH Tunnel
After=network-online.target ssh.service

ExecStart=/usr/bin/ssh -NT -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /sshtunnel/.ssh/id_rsa -R 2220:localhost:22 user@remotehost.com


Enable SSH Tunnel Service

systemctl enable sshtunnel


Start SSH Tunnel

systemctl start sshtunnel

Get SSH Tunnel Status

systemctl status sshtunnel