You can forward a port on the remote machine to the local machine while still initiating the tunnel from the local machine.
This is useful if you have a service on the remote end that you want connected to something on the local machine, but you don't wish to open up your firewall or have SSH private keys stored on the remote machine. By using a reverse tunnel, you maintain all of the control on the local machine. An example usage for this would be for logging messages; by setting up a reverse SSH tunnel, you can have a logger on the remote system send logs to the local system (e.g., syslog-ng).
To set up the reverse tunnel between your office computer (behind a NAT/firewall, so it cannot be reached over SSH from the outside world) and your home computer, use:
1. SSH from the destination to the source (with public IP) using the command below (From Office -> Home):
ssh -R remote_port:localhost:22 your_home_computer
Ex. ssh -R 1100:localhost:22 myhome.mydomain.com
2. You can SSH from source to destination through SSH tunneling (you run that from your home computer, Office <- Home):
ssh localhost -p 1100
3. 3rd party servers can also access 192.168.20.55 (Destination) through Source (138.47.99.99).
Destination (192.168.20.55) <- |NAT| <- Source (138.47.99.99) <- Bob's server
3.1 From Bob's server:
ssh sourceuser@138.47.99.99
3.2 After the successful login to Source (19999 here is the remote_port that was given to -R when the tunnel was set up):
ssh localhost -p 19999
* The connection between destination and source must be alive at all times.
Tip: you may run a command (e.g. watch, top) on Destination to keep the connection active.
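As an alternative to keeping an interactive command running, the tunnel from step 1 can be held open with the OpenSSH client's own keepalive options and restarted when it drops. The script below is an added example, not part of the original page: the function names, the 30 s/10 s timings and the "start" argument are assumptions, and it binds the forwarded port to 127.0.0.1 on Source explicitly, so the tunnel stays reachable only after logging in to Source, as in step 3.

```shell
#!/bin/sh
# Added example (not from the original page): keep the reverse tunnel of
# step 1 alive. Host and port defaults are the page's example values.
REMOTE_PORT=${REMOTE_PORT:-1100}
HOME_HOST=${HOME_HOST:-myhome.mydomain.com}

# Accept only an unprivileged TCP port written in plain digits.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Accept only [user@]host made of safe characters; a leading '-' would be
# parsed by ssh as an option, so it is refused.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9@._-]*) return 1 ;;
    esac
    return 0
}

# Print the ssh command line for the tunnel.
#   -N                      no remote shell, forwarding only
#   ExitOnForwardFailure    exit if the remote port cannot be bound
#   ServerAlive*            detect a dead link after about 90 seconds
#   -R 127.0.0.1:port:...   listen on Source's loopback interface only
tunnel_cmd() {
    valid_port "$1" || return 1
    valid_host "$2" || return 1
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:%s:localhost:22 %s\n' "$1" "$2"
}

# Run the tunnel and reconnect whenever ssh exits.
keep_tunnel() {
    cmd=$(tunnel_cmd "$1" "$2") || { echo "invalid port or host" >&2; return 2; }
    while :; do
        # Word splitting is intended: both inputs were validated above.
        $cmd
        echo "tunnel exited with status $?, retrying in 10s" >&2
        sleep 10
    done
}

# Start only when asked to, e.g.: sh tunnel.sh start
if [ "${1:-}" = "start" ]; then
    keep_tunnel "$REMOTE_PORT" "$HOME_HOST"
fi
```

Run it on the office computer (Destination) with key-based authentication already configured, since the loop cannot answer a password prompt.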