How to get SSH access to a machine that can't open listening ports
This will work on any machine that can freely connect to outside ports, but can't listen for incoming connections.
In particular, Azure DevOps CI agents have no "Rebuild with SSH" option (like CircleCI does), so this technique can be handy for debugging CI issues.
- You must be able to run arbitrary commands on the remote host, ideally including installing an SSH server.
- You need a machine on the internet that's able to open a listening port. I used my Linode. You could use an AWS free tier
t2.micro, or open a port to your local machine. Anything works as long as it runs SSH and can receive packets from the target machine. We'll call this machine the 'bounce server'.