Reverse SSH port forward

The goal is to reach a port inside a protected network, e.g. the web UI of a switch or firewall, from outside. The SSH client can be any device that can run an SSH client. I've done this trick with SBCs, switches, APs, and other low-end devices. This also assumes you have access to an SSH server that is publicly reachable. Please consider the security implications of this before committing to it. In my case this was temporary, to recover access to remote devices.

Example Diagram:

Run the following command on the SSH client:

ssh -f -N -T -p 222 -R 2215:10.1.10.1:443 username@1.2.3.4

-f : run the ssh client in the background
-N : do not execute a remote command (port forward only)
-T : disable pseudo-TTY allocation
-p : SSH port on the remote endpoint (the standard port is 22)
-R : port forward on the remote host, as [port on remote endpoint]:[destination host]:[destination port]
username@1.2.3.4 : user and address of the SSH remote endpoint

After the connection has been established, a user on the SSH server 1.2.3.4 can access the firewall at https://localhost:2215.
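The following is an added example, not part of the original post: a small POSIX shell helper that builds the same reverse-forward command with a few options worth having when the client is an unattended low-end device. It checks that the port numbers are valid before invoking ssh, adds ExitOnForwardFailure so the background process dies instead of lingering when the remote bind fails, adds keepalives so a dead tunnel is noticed, and pins the remote listener to 127.0.0.1 explicitly so the forwarded UI stays reachable only from the SSH server itself. The hosts and ports reuse the post's values; the function names and the teardown helper are my own.

```shell
#!/bin/sh
# Added example (not from the original post). Builds the reverse SSH
# port-forward command from the post with extra safety options.

# validate_port PORT -> returns 0 if PORT is an integer in 1..65535, else 1
validate_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_reverse_tunnel_cmd SSH_PORT BIND_PORT DEST_HOST DEST_PORT USER SERVER
# Prints the ssh command line to run on the SSH client.
# The remote listener is bound to 127.0.0.1 explicitly, so the forwarded
# service is only reachable from the SSH server, even if GatewayPorts
# were enabled in that server's sshd_config.
build_reverse_tunnel_cmd() {
    ssh_port=$1; bind_port=$2; dest_host=$3; dest_port=$4; user=$5; server=$6
    validate_port "$ssh_port"  || { echo "bad ssh port: $ssh_port" >&2; return 1; }
    validate_port "$bind_port" || { echo "bad bind port: $bind_port" >&2; return 1; }
    validate_port "$dest_port" || { echo "bad dest port: $dest_port" >&2; return 1; }
    printf 'ssh -f -N -T -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -p %s -R 127.0.0.1:%s:%s:%s %s@%s\n' \
        "$ssh_port" "$bind_port" "$dest_host" "$dest_port" "$user" "$server"
}

# stop_reverse_tunnel BIND_PORT DEST_HOST DEST_PORT
# Kills the background ssh process by matching its distinctive -R spec,
# so a temporary tunnel is not left running after recovery is done.
stop_reverse_tunnel() {
    pkill -f -- "-R 127.0.0.1:$1:$2:$3"
}

# Usage with the post's values (prints the command; run it on the SSH client):
build_reverse_tunnel_cmd 222 2215 10.1.10.1 443 username 1.2.3.4
```

Because the listener is bound to the server's loopback interface, the URL on the SSH server stays https://localhost:2215; the browser will still warn about the device's certificate, since its name will not match localhost. When the recovery work is finished, stop_reverse_tunnel 2215 10.1.10.1 443 on the client removes the tunnel.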
