Overview

I previously wrote an SSH Tunnel Tips post that introduced several SSH tunneling techniques, but it lacked context and coherence, so I have reorganized it here around a network topology diagram to give a better explanation of what I am doing.

Network Basics

Suppose my network is a simplified version of the following topology.

[Figure: network topology diagram (Home PC behind a router on the ISP network, and a VPS with a public IP)]

So here are a few possible operations.

Among these scenarios, the easiest one to implement is SSH from the Home PC to the VPS, which is also the most common thing we do. It is easy because the VPS has a public IP, so traffic from the Home PC can be routed directly to the VPS.

As you can see in the figure above, the difference between the PC and the VPS is simply that the PC sits behind a router. So if the PC connected to the ISP network directly, could it have a public IP? With the spread of fiber optics, even without a router you are not connected directly to the ISP's backbone but to one of the ISP's splitters (for example in FTTB deployments). So a PC (or router) having a public IP is not the general case, and even where it does, the ISP would probably restrict it to a few ports, so it would not be of much use.

SSH Tunneling

So, to get to the point of this article: since you cannot connect to the PC directly, can you do the opposite and have the PC initiate the connection itself? That is the principle of SSH tunneling.

[[email protected]]# ssh -qngfNTR 9999:localhost:8888 [email protected]

Command Line Quick Use

[[email protected]]# cat ~/.ssh/config
Host jump
  HostName 10.0.0.102
  Port 22
  User root
  IdentityFile /root/.ssh/id_rsa
  ForwardAgent yes
Host 10.0.0.87
  HostName 10.0.0.87
  ProxyJump jump
  User zhangsan

Tips

By default, the listening end of the reverse tunnel on the VPS is bound to localhost only, so other hosts cannot reach it; to change this, enable GatewayPorts in the VPS's sshd_config.

[[email protected]]# cat /etc/ssh/sshd_config
GatewayPorts yes
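To make this tip concrete, here is an added example (my own code, not from the original post) that parses an `ssh -R` forward spec like the one used above and reports where sshd will bind the tunnel's listening port under each GatewayPorts setting; the class and function names are my own, and the binding rules follow the GatewayPorts description in sshd_config(5).

```python
"""Where does an `ssh -R` reverse-tunnel listener end up bound on the server?

Added example, not code from the original post. Names are my own; the
binding rules follow the GatewayPorts description in sshd_config(5).
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RemoteForward:
    bind_address: Optional[str]  # None when the spec omitted [bind_address:]
    port: int                    # port sshd listens on (the VPS side)
    host: str                    # destination reached from the client side
    hostport: int


def parse_remote_forward(spec: str) -> RemoteForward:
    """Parse the `-R [bind_address:]port:host:hostport` argument form."""
    parts = spec.split(":")
    if len(parts) == 3:
        bind, port, host, hostport = None, *parts
    elif len(parts) == 4:
        bind, port, host, hostport = parts
    else:
        raise ValueError(f"unsupported -R spec: {spec!r}")
    return RemoteForward(bind, int(port), host, int(hostport))


def effective_bind(fwd: RemoteForward, gateway_ports: str = "no") -> str:
    """Return 'loopback', 'wildcard' or the explicit address sshd binds to."""
    mode = gateway_ports.lower()
    if mode == "no":   # default: only the VPS itself can reach the tunnel port
        return "loopback"
    if mode == "yes":  # bind the wildcard address whatever the client asked for
        return "wildcard"
    if mode == "clientspecified":
        if fwd.bind_address in (None, "localhost"):  # ssh sends "localhost" if omitted
            return "loopback"
        if fwd.bind_address in ("", "*"):  # "-R :9999:..." or "-R *:9999:..."
            return "wildcard"
        return fwd.bind_address
    raise ValueError(f"unknown GatewayPorts value: {gateway_ports!r}")


if __name__ == "__main__":
    fwd = parse_remote_forward("9999:localhost:8888")  # the tunnel from the post
    for mode in ("no", "yes", "clientspecified"):
        print(f"GatewayPorts {mode:<15} -> port {fwd.port} bound on {effective_bind(fwd, mode)}")
```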

Proxy UDP

Reverse Proxy

Ref