ssh through a router without port forwarding

I have a linux server, and I want to put it in a home network behind a router. I need to ssh to this server sometime from outside, but I don't want to set up port forwarding because I don't have access to the router, and I don't know the ip of the router either.

What I can do is to put some program in the linux server, so when it is connected to Internet, it will constantly sending data to my other server online so I know the ip address of it. But is there a way to ssh to the server behind the router from outside? something like NAT or socket that maintains the network connection?

Thanks a lot


What you would want to do is ssh FROM your "linux server" TO something on the outside, such as "my_other_server" or something else both servers can get to.

You would use ssh remote port forwarding.
[user@linux_server]$ ssh -R8022:localhost:22 my_other_server.com
Explaination: Connect to my_other_server and open port 8022 there which will forward back to me on port 22.

From my_other_server.com you will be able to ssh to localhost on port 8022, and have your traffic forwarded to linux_server piggybacking on the linux_server -> my_other_server tunnel [user@linux_server]$ ssh -p8022 localhost
Explaination: Connect to myself on port 8022 which is forwarded to linux_server

If you have problems with the initial linux_server -> my_other_server tunnel dropping out, you could make a script to keep it open, adjust the keepalive settings, or use autossh.


This answer is based on the accepted one, but adding the details that allowed me to get it done. I apologize for the pedestrian explanation, since this is not at all of my expertise.

Suppose you have two computers, A and B. You want to ssh from A to B, and you cannot do any port forwarding in the routers connected to them.

As the accepted answer states, you need a server S to do this: in computer B, you will allow ssh connections coming from S; and from computer A, you will access that tunnel at S to reach B.

But how do you get that server S? I found serveo (link: https://serveo.net/). It is of very simple use. You do not have to install anything or register and it is free. According to the website, the steps to follow are:

  1. Think of an alias for computer B. For example, computer_B_alias.

  2. In computer B, execute ssh -R computer_B_alias:22:localhost:22 serveo.net.

  3. Now, you can access computer B from computer A by executing the following in computer A: ssh -J serveo.net user@computer_B_alias, where you have to substitute user by the name of the user in computer B.

P.S.: Of course, you make point 2 an automatic task when starting your computer B.

P.S.S.: Before you try this, make sure that ssh is installed in both computers. For Ubuntu, sudo apt-get install ssh would do the job.


You can use ngrok. The process is easy:

  1. Register on their site
  2. wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip
  3. unzip ngrok-stable-linux-amd64.zip
  4. ./ngrok authtoken < unique key from your ngrok account >
  5. ./ngrok tcp 22
  6. on the remote pc you can connect like this:
    1. ssh [email protected] -p 11000

You can use a VPN of sorts to get this working, but it would require you to have a server that the inaccessible server can access. Then you can set up OpenVPN on the server, your PC, and the firewalled server, enable client-to-client, and you're done. http://openvpn.net/howto.html


Long time to answer.Hoping it could help someone who is looking for same now.

If you want to access a server behind NAT and you don't want to write code, you can probably go for a tool among below and use whatever suits to your need.

  • tmate
  • Teleconsole

Both of the above tools assume you have the access to the linux machine to install their client Some of their benefits are :

  • Both gives you access to the terminal using web interface
  • You do not need an intermediate reverse ssh host of your own.
  • Very easy to install
  • Both are open source

I personally prefer tmate more as you can host the tmate server on your own intermediate server (for reverse ssh ) while teleconsole can only connect to their own servers for reverse ssh.