When a device is not reachable you can install the reverse-ssh-tunnel.service to it.
Activate it and it will connect by itself to an accessible sshd.
Then you can connect (directly or via ProxyJump
) to the device.
(Generate and) copy the ssh key over to the reversessh server:
ssh-keygen -t ed25519 && ssh-copy-id reversessh@reversessh.3t0.de
connect once to the remote manually: ssh reversessh@reversessh.3t0.de
Once everything is done use ssh -p 43022 localuser@reversessh.3t0.de
from your client
You can expose the port so you can connect to it directly. This is simpler to setup but allows everyone to connect to your device.
ssh -p 43022 reversessh.3t0.de
This required GatewayPorts clientspecified
to be set on the server sshd_config
to bind to all interfaces.
With ProxyJump
(see man ssh_config
-> ProxyJump) you can connect via the server.
Use localhost:43022:localhost:22
instead of *:43022…
in the service file.
Adapt your ~/.ssh/config:
Host my-device
HostName localhost
ProxyJump reversessh.3t0.de
Port 43022
For more convenience adapt the /etc/hosts
and set the device name as ::1
to be used instead of localhost in the ssh config.
::1 my-device
now you can connect with ssh my-device