@mkrasowski
Last active December 22, 2019 18:11
Persistent reverse SSH tunnel. Connect to internal network from outside.
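#!/bin/bash
# Keep a reverse SSH tunnel to a remote host alive; meant to be run from cron.
listenport_on_remote=5500
identity_key=/home/me/.ssh/tunnel
#############################
REMOTE=$1
if [ -z "$REMOTE" ]; then
    echo "Usage: user@host[:port]"
    exit 1
fi
# Split user@host[:port] into its parts.
connect_user=${REMOTE%%@*}
REMOTE=${REMOTE#*@}
connect_host=${REMOTE%:*}
connect_port=${REMOTE##*:}
# No ":port" suffix was given, so fall back to the default SSH port.
if [ "${#REMOTE}" -eq "${#connect_port}" ]; then
    connect_port=22
fi
# -R makes the remote host listen on $listenport_on_remote and forward to this
# machine's sshd (port 22); -N runs no remote command, -f backgrounds ssh.
CMD="ssh $connect_host -l${connect_user} -p${connect_port} -R${listenport_on_remote}:localhost:22 -i $identity_key -N -f"
# Look for a tunnel to this host that the current user already has running.
PID=$(pgrep -u "$(whoami)" -f "^ssh ${connect_host}.* -R${listenport_on_remote}:")
if [ -n "$PID" ]; then
    echo "tunnel is running."
else
    echo -n "tunnel down. starting... "
    $CMD
    rc=$?   # save ssh's exit status before the test below overwrites $?
    if [ "$rc" -eq 0 ]; then
        echo "done"
    else
        echo "fail: $rc"
    fi
fi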
* * * * * ~/setup_tunnel.sh me@myshell.com 1>/dev/null 2>&1
* * * * * ~/setup_tunnel.sh tunnel@privateserver.net:6543 1>/dev/null 2>&1
$ ssh me@myshell.com -L5500:localhost:1200
or
$ ssh tunnel@privateserver.net -p6543 -L5500:localhost:1200
... then connect to localhost:1200, which is the other end of the tunnel (the machine inside the internal network).
$ ssh me@localhost -p1200
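
Because cron runs the script unattended, the key at /home/me/.ssh/tunnel has to work with nobody present to unlock it, so the remote account should limit that key to the one listener it needs. The following added example (not part of the original gist) checks authorized_keys lines on the remote host for OpenSSH's restrict, port-forwarding and permitlisten options. The function name, finding labels and sample lines are constructed for illustration; permitlisten needs OpenSSH 7.8 or later, and option names are matched in lower case only.

```shell
#!/bin/sh
# Added example, not part of the original gist.
# Assumption: on the remote host the tunnel key should be allowed nothing
# except the -R listener on the given port.

# tunnel_key_findings LINE PORT
# Prints "ok" or a space-separated list of findings for one authorized_keys line.
tunnel_key_findings() {
    line=$1
    port=$2
    findings=""
    case $line in
        ssh-*|ecdsa-*|sk-*) opts="" ;;   # line starts with the key type: no options
        *) # strip " keytype base64 [comment]" so only the options field remains
           opts=$(printf '%s\n' "$line" |
               sed -E 's#[[:space:]]+(ssh-|ecdsa-|sk-)[^[:space:]]+[[:space:]]+[A-Za-z0-9+/=]+.*$##') ;;
    esac
    padded=",$opts,"
    case $padded in
        *,restrict,*)
            # restrict also turns forwarding off; the tunnel needs it back on
            case $padded in
                *,port-forwarding,*) ;;
                *) findings="$findings restrict-without-port-forwarding" ;;
            esac ;;
        *) findings="$findings missing-restrict" ;;
    esac
    # ssh sends "localhost" as the listen host when -R names no bind address
    case $padded in
        *",permitlisten=\"localhost:$port\","*|*",permitlisten=\"$port\","*) ;;
        *) findings="$findings missing-permitlisten-$port" ;;
    esac
    findings=${findings# }
    echo "${findings:-ok}"
}

# Constructed sample lines (key material is a placeholder, not a real key).
while IFS= read -r sample; do
    printf '%s\n    -> %s\n' "$sample" "$(tunnel_key_findings "$sample" 5500)"
done <<'EOF'
restrict,port-forwarding,permitlisten="localhost:5500" ssh-ed25519 AAAAEXAMPLEKEY tunnel@inside
ssh-ed25519 AAAAEXAMPLEKEY tunnel@inside
restrict,permitlisten="5500" ssh-ed25519 AAAAEXAMPLEKEY tunnel@inside
EOF
```

A line that reports "ok" lets the key open the port 5500 listener and nothing else: no shell, no PTY, no agent or X11 forwarding.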