Why would you need to create a simple Two-Way SSH tunnel? In your Linux system administration job, have you ever found yourself in a situation in which you cannot SSH to any of your servers or hosts because they sit behind a firewall or NAT, or are otherwise hard to reach?
To gain access, you would need to reconfigure the firewall or set up a VPN, which can be an enormous overhead when all you need is to execute a few commands now and then. With a Two-Way SSH tunnel you can connect to any such destination under a single condition: the ability to SSH login from the destination to the source.
If you can do that, you can also log in in the reverse direction, from the source to the destination, even if the destination is behind a firewall or NAT.
In this tutorial you will learn:
- How to create Two-Way SSH tunnel
Software Requirements and Conventions Used
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Any Linux distribution |
| Software | Source and destination hosts must have SSH client and SSH server installed and configured |
| Other | Privileged access to your Linux system as root or via the sudo command. |
| Conventions | `#` – requires given Linux commands to be executed with root privileges either directly as a root user or by use of the sudo command; `$` – requires given Linux commands to be executed as a regular non-privileged user |
How to create an encrypted Two-Way SSH tunnel step by step instructions
In this scenario UserA wishes to connect from HostA (IP address 204.55.6.77) to HostB (IP address 156.78.4.56), which sits behind a firewall or NAT and is maintained by UserB.
- Create the SSH tunnel

  In order for UserA to get past the firewall, UserB must first initiate a remote SSH login to HostA while creating an encrypted tunnel to be accessed by UserA on a local ephemeral port, e.g. 50505. Any port from the 32768 to 61000 range should be fine to use. To do so, UserB executes:

  ```
  HostB~$ ssh -R 50505:localhost:22 UserB@204.55.6.77
  ```

  The result of the above Linux command should be a successful remote login from HostB to HostA.

- Check for the new local port

  At this stage UserA should be able to see port 50505 listening on HostA after executing the following command:

  ```
  HostA~$ ss -lt
  State   Recv-Q   Send-Q   Local Address:Port   Peer Address:Port
  LISTEN  0        128      *:ssh                *:*
  LISTEN  0        128      localhost:50505      *:*
  LISTEN  0        128      *:http               *:*
  LISTEN  0        128      :::ssh               :::*
  LISTEN  0        128      localhost:50505      :::*
  LISTEN  0        128      :::http              :::*
  ```

  Note that the forwarded port is bound to localhost only: it can be reached by users already logged in to HostA, but it is not exposed to the network.

- Use the SSH tunnel for a remote SSH login

  All that is left is for UserA to use the SSH tunnel available on HostA's local port 50505 to SSH login to HostB:

  ```
  HostA~$ ssh UserA@localhost -p 50505
  ```

  After a successful SSH login, UserA should be connected to HostB via the SSH tunnel.
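As an added example (not part of the original tutorial), the same procedure with the tunnel command hardened for unattended use, plus a small check UserA can run on HostA to confirm that port 50505 is reachable only from HostA itself. It assumes the hosts, users and port from the text above; the `ss -ltn` output it parses is constructed, and `check_tunnel_binding` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. Addresses, users and
# port 50505 come from the text above; the ss output below is constructed.

# HostB side (UserB): open only the reverse tunnel, no interactive shell.
# ExitOnForwardFailure makes ssh exit instead of silently continuing when
# port 50505 on HostA is already taken; the ServerAlive options tear the
# session down when HostA stops answering, so no stale tunnel is left
# behind. The explicit 127.0.0.1 bind keeps the port on HostA's loopback.
start_reverse_tunnel() {
    ssh -N \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R 127.0.0.1:50505:localhost:22 UserB@204.55.6.77
}

# HostA side (UserA): read `ss -ltn` output on stdin and report how the
# tunnel port is bound. Returns 0 if every listener on that port is on a
# loopback address, 1 if any listener is on a wildcard or other address
# (reachable from the network), 2 if nothing listens on the port at all.
check_tunnel_binding() {
    port=$1
    found=0
    while read -r state recvq sendq laddr peer rest; do
        case "$laddr" in
            *:"$port") found=1 ;;
            *) continue ;;
        esac
        case "$laddr" in
            127.0.0.1:*|"[::1]:"*|localhost:*) ;;
            *) return 1 ;;
        esac
    done
    [ "$found" -eq 1 ] && return 0
    return 2
}

# Constructed `ss -ltn` sample matching the tutorial's expected state.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    127.0.0.1:50505     0.0.0.0:*
LISTEN 0      128    [::1]:50505         [::]:*'

# With live data on HostA:  ss -ltn | check_tunnel_binding 50505
tunnel_check_demo() {
    printf '%s\n' "$SAMPLE_SS" | check_tunnel_binding 50505
}
```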
