Scenario 2 (Reverse Tunnel)
Use this mode if you want to connect from Machine A to B, but you only have permissions to configure port forwarding on Machine A (for example, if Machine B is behind a corporate firewall).
This mode uses an SSH reverse tunnel, in which Machine B initiates the connection to Machine A, after which connections can travel over a port mapped from Machine A to another port on Machine B.
Start by configuring your router to forward a public port to port 22 on Machine A. This process will look very different depending on your router and is beyond the scope of this document. The following examples will use port 443 (see Public Port Selection), but any public port may be used.
On Machine A, configure the Connection to point to the remote computer and the Tunnel to point to the local computer. Again, we will choose 3389 (RDP) as the Destination Port.
A random, available local port will be selected for the reverse tunnel (in this example, 50579).
Until we have configured Machine B, it is normal to see a Warning icon. This indicates that the SSH server has been started, but no machine has established a reverse tunnel yet.
As in scenario 1, we will need two values from Machine A.
- The SSH server private key, which can be obtained by pressing this icon:
- The machine's public IP address. If you don't already know the public IP (or have a domain name), use this icon to copy the public IP to the clipboard:
On Machine B, configure the Connection to point to the local computer and the Tunnel to point to the remote computer.
- In the "Destination Port" field, choose the port that you want the remote computer to connect to on the local computer. We will use 3389 (RDP).
- In the "Tunnel IP address or name" field, enter the public IP address or name of Machine A as obtained previously.
- In the "Tunnel Port" field, enter the public port that was previously mapped to Machine A's port 22.
- In the next field, enter the tunnel local port that was automatically selected on Machine A (in this example, 50579).
- Finally, click the following icon and enter the SSH server private key from Machine A as obtained previously.
If the tunnel is established successfully, there should be a green checkmark on Machine B. If so, the tunnel status on Machine A should also have updated from the yellow warning sign to a green checkmark.
If there are any tunnel errors, they will be indicated by a red X. Click the X to obtain further details about the tunnel error. These will be standard SSH errors, so searching for the error text should give a good clue as to the cause.
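For reference, the same reverse tunnel expressed as a plain OpenSSH client command that Machine B would run. This is an added example, not part of the tool or the original page; the address `203.0.113.10` (a documentation range), the account name `tunnel`, and the function names are assumptions, and authentication setup is left out.

```shell
#!/bin/sh
# Added example: builds (but does not run) the OpenSSH command equivalent to
# Scenario 2. Host, account name and function names are assumed placeholders.

# valid_port N: succeeds only for a decimal integer in 1..65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# reverse_tunnel_cmd HOST SSH_PORT TUNNEL_PORT DEST_PORT
#   HOST        public IP or name of Machine A
#   SSH_PORT    public port forwarded to Machine A's port 22 (443 here)
#   TUNNEL_PORT tunnel local port on Machine A (50579 here)
#   DEST_PORT   port on Machine B to reach (3389, RDP)
reverse_tunnel_cmd() {
  host=$1 ssh_port=$2 tunnel_port=$3 dest_port=$4
  # Refuse an empty host or one starting with "-", which ssh would
  # otherwise parse as a command-line option.
  case "$host" in
    ''|-*) echo "invalid host: $host" >&2; return 1 ;;
  esac
  for p in "$ssh_port" "$tunnel_port" "$dest_port"; do
    valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
  done
  # -N                      forwarding only, no remote shell
  # ExitOnForwardFailure    exit if Machine A cannot open the tunnel port
  # ServerAliveInterval     notice a dead link instead of hanging
  # -R 127.0.0.1:...        listener on Machine A bound to loopback only, so
  #                         other hosts on A's network cannot use the tunnel
  printf 'ssh -N -p %s -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R 127.0.0.1:%s:127.0.0.1:%s tunnel@%s\n' \
    "$ssh_port" "$tunnel_port" "$dest_port" "$host"
}

# Values from this page: public port 443, tunnel port 50579, RDP on 3389.
reverse_tunnel_cmd 203.0.113.10 443 50579 3389
```

With this tunnel up, an RDP client on Machine A connects to `127.0.0.1:50579` and the session arrives at port 3389 on Machine B.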