Previously I wrote a SSH Tunnel Tips that introduced some SSH tunneling techniques, but it lacked context and coherence, so I’ve reorganized it here and presented a network topo diagram. A better explanation of what I’m doing.

Network Basics

Suppose my network situation is a simplification of this Topo.

The following is a list of the most important things you can do for your business.

So here are a few possible operations.

Among these scenarios, the easiest one to implement is: SSH from Home PC to VPS, which is also the most common operation we usually do. The reason why we can easily implement this principle is that the VPS has a public IP, so we can route directly from the Home PC to the VPS.

As you can see in the figure above, simply put, the difference between PC and VPS lies in the fact that the PC is connected to the router once, so if the PC intervenes in the ISP network directly, can it have a public IP? However, with the spread of fiber optics, even if you don’t use a router, you are not directly intervening in the ISP’s backbone, but rather in one of the ISP’s splitters, such as the FTTB series. So, the idea of having a PC (router) have public IP is not universal, and even if it did, the ISP would probably restrict it to a few ports, so it would not be used much.

SSH Tunneling

So, to get to the point of this article, since you can’t connect to the PC directly, can you do the opposite and let the PC initiate the request itself, which is the principle of SSH tunneling.

  1. [root@liqiang.io]# ssh -qngfNTR 9999:localhost:8888 root@

Command Line Quick Use

  1. [root@liqiang.io]# cat ~/.ssh/config
  2. Host jump
  3. HostName
  4. Port 22
  5. User root
  6. IdentityFile /root/.ssh/id_rsa
  7. ForwardAgent yes
  8. Host
  9. HostName
  10. ProxyJump jump
  11. User zhangsan


The reverse tunnel listens only to localhost.

  1. [root@liqiang.io]# cat /etc/ssh/sshd_config
  2. GatewayPorts = yes

Proxy UDP

Reverse Proxy