ssh – Help Someone Behind a NAT Router Over SSH

sshssh-import-id

For helping others quickly, SSH is very useful, especially combined with GNU Screen. It's common that users are behind a NAT router. Even if the user can configure the router, it takes some time to remember the password, find the right options, etc.

So, what is the easiest way to help others over SSH if they're behind a NAT router?

I currently tell people to open a terminal run the below command and pass me their IP from a site like http://ip.appspot.com/:

sudo apt-get install openssh-server ssh-import-id && ssh-import-id lekensteyn

Obviously, this is not going to work if they're behind a NAT router or have a personal firewall configured. So, is there something like:

sshd --accept-help-from lekensteyn

I'm not looking for alternatives like Teamviewer, just a shell like SSH. It should be open-source too.

Best Answer

If your own computer can accept SSH connections, there is a way to use the technique that Pavlos G. linked to without an extra computer.

You first need an underprivileged* user that your friend will connect as:

sudo adduser reverse --shell /bin/false

Tell your friend to start the tunnel:

ssh -N -R 62222:localhost:22 reverse@lekensteyns-server

Then, on your own computer (lekensteyns-server), start the reverse connection:

ssh -p 62222 localhost

* I don't know enough about security to be able to advise on creating a suitably underprivileged user. That's probably something that should be covered in a separate question.

Related Question