This is a brief guide on how to configure an SSH reverse tunnel that is established automatically on boot and keeps trying to reconnect whenever the connection fails.
It is very useful if you are deploying a device somewhere without a public IP, e.g. behind a NAT, and need to be able to SSH into it from the wider internet.
Let's refer to the NAT'ed device as the client. This guide assumes that the client is able to create outgoing SSH connections to at least destination port 443.
You will need root access to a server with a static IP on the internet which runs an OpenSSH server.
On my-server.example.com, add the following to /etc/ssh/sshd_config, changing tunnel-user to whichever username you want to use (this will be a new user, not an existing user) and changing the PermitOpen line: