Providing an SSH access to a home server (usually hidden behind NAT) from outside world (Internet) sounds like a tricky task to configure. But it is not, literally 2 commands and a VPS witn public IP is enough to do that.

I will need following:

  • Instances
    • VPS with public $IP
    • home server
    • away client
  • SSH keys
    • tunnel_rsa to access VPS from home
    • key_rsa to access home from away

On home instance, this command connects to $IP (VPS) and spawns there a listening at port 2222 reverse proxy connection back to home. This can run in background.

# home
$ ssh -i ~/.ssh/tunnel_rsa -R 0.0.0.0:2222:localhost:22 $IP -N

Now from away instance, SSH-ing to reverse proxy connection will let us to connect to home instance. Easy and securely.

# away
$ ssh -i ~/.ssh/key_rsa key@$IP -p 2222

Nice!

UPDATE:

Some useful tip on configuration /etc/ssh/sshd on VPC instance:

AllowTcpForwarding yes
TCPKeepAlive yes

Explanation of sshd -R flag.