Question 1

What is a reverse SSH tunnel?

Accepted Answer

A reverse SSH tunnel allows a remote system to forward a port back to your local machine, enabling you to access services behind firewalls or NAT from a remote location using SSH.

Question 2

Which SSHD config settings are needed for reverse tunnels?

Accepted Answer

You need to enable 'AllowTcpForwarding yes' and 'GatewayPorts yes' in /etc/ssh/sshd_config to allow reverse SSH tunneling.

Question 3

What does 'GatewayPorts clientspecified' do?

Accepted Answer

It allows the client to specify which IP address can connect to the forwarded port, offering more control and limiting exposure compared to 'GatewayPorts yes'.

Question 4

Can I restrict who can connect to the reverse tunnel?

Accepted Answer

Yes. By setting 'GatewayPorts clientspecified', only IPs explicitly allowed by the client can access the forwarded port.

Question 5

Is using reverse SSH tunnels secure?

Accepted Answer

When configured properly and with access controls, reverse SSH tunnels can be secure. Always ensure proper hardening, such as using key-based auth, restricting ports, and logging usage.