Setting up a reverse SSH tunnel with a Raspberry Pi part 1

Photo Credit: http://www.kahvel.ee/

Setting up a reverse SSH tunnel with a Raspberry Pi part 1

Notice: This post is more than a year old. It may be outdated.

Think of a following scenario. You need to access your work computer from your home. You have a small office with no dedicated IT support. Probably you don’t have a VPN which you could use to connect to your work network. But you have a spare Raspberry Pi lying around. You could put that into use and create a connection to your work machine by creating a reverse SSH tunnel.

What you’re going to need:

  • a working Raspberry Pi
  • physical access to your work network
  • a server outside of your work network
  • basic understanding of SSH

Setting up an outside server

You’re going to need an outside server for your Pi to connect into. If you already have a box with a static IP and SSH running then you’re good to go. If not, then you could create a cheap VPS at DigitalOcean for example. Additionally, read this post about further securing your SSH server.

Setting up the Pi

To begin with, plug in your Pi and connect it to your office network. Then you should check if you can connect to your server via SSH. If you have not yet set up key-based authentication then this should be the next step. It is needed so the Pi can ssh into your server without being prompted for a password. Ubuntu help pages have a step-by-step guide on how to do that.

Creating a reverse SSH tunnel

Now let’s create a tunnel from your Pi to the Linux server.

$ ssh -N -R 2222:localhost:22 user@yourserverhostname

Pi is connecting to your server using the username user. The -R flag specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. Meaning that all connections made to port 2222 on your server are forwarded to the Pi on port 22. The -N flag tells SSH to not execute a remote command. It is useful for port forwarding. For further reading about SSH tunnels, check out this StackExchange answer.

In the next part

So far we’ve set up the Pi which connects out to an external server. From there it is possible to access the Pi from wherever you have access to the external server. That means you have access to your work network. In the next part let’s look at an example use case on how to connect to a Windows workstation via RDP. That requires some SSH tunneling.

comments powered by Disqus