In this example:
Destination is puna-o-te-ki, dialed up on a 3G Vodafone mobile broadband modem. It gets a DHCP address and is blocking inbound ssh.
Our Middle server is an always-on server behind a NATed network, also on a DHCP WAN address. That WAN address is advertised via DynDNS so we know where to look for it.
Our Origin is our laptop, anywhere in the world, also on DHCP and NATed.
Create our .ssh/config file
Host house
HostName house.dyndns.com
Port 2220
Create the ssh DSA key
rossetti@puna-o-te-ki:~$ ssh-keygen -t dsa
Install it on the server in the middle
rossetti@puna-o-te-ki:~$ ssh-copy-id -i ~/.ssh/id_dsa.pub house
Bring up the tunnel
-R reverse tunnel
-N no remote command
-n redirect stdin from /dev/null (required for backgrounding ssh)
-T disable pseudo-tty allocation
rossetti@puna-o-te-ki:~$ ssh -nNT -R 22002:localhost:22 house
Test the tunnel
rossetti@Wakatipu:~$ ssh localhost -p 22002
Set up client keepalive on the destination server.
rossetti@puna-o-te-ki:~$ cat /etc/ssh/sshd_config
TCPKeepAlive yes
ClientAliveInterval 300
ClientAliveCountMax 99999
Set up GatewayPorts on the middle server. This allows us to pass through the middle server and on to the destination without first ssh'ing into the middle server. You'll also need to forward our destination port on the middle server's router/firewall to the middle server.
rossetti@Wakatipu:~$ cat /etc/ssh/sshd_config
GatewayPorts yes
Test sshing in from our origin laptop
whale:~ rossetti$ ssh house -p 22002
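The two sshd_config changes above have side effects worth checking: GatewayPorts yes makes the forwarded port listen on every interface of the middle server, and sshd only drops an unresponsive client after ClientAliveInterval x ClientAliveCountMax seconds. The script below is an added example, not part of the original write-up; the function names global_value, dead_client_timeout and audit and the two sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: report what the sshd_config settings used above do.
# Accepts sshd_config text or the output of `sshd -T`.

# global_value FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword and keywords are
# case-insensitive; lines after a Match line are conditional, so stop there.
global_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/              { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { found = 1; print tolower($2); exit }
        END { if (!found) print def }
    ' "$1"
}

# Seconds before sshd drops an unresponsive client:
# ClientAliveInterval * ClientAliveCountMax (0 means probes are off).
# Assumes the interval is written in plain seconds, as `sshd -T` prints it.
dead_client_timeout() {
    interval=$(global_value "$1" ClientAliveInterval 0)
    count=$(global_value "$1" ClientAliveCountMax 3)
    echo $(( $interval * $count ))
}

# One line per setting that matters for the reverse tunnel.
audit() {
    gw=$(global_value "$1" GatewayPorts no)
    case "$gw" in
        yes) echo "GatewayPorts yes: -R listeners bind on all interfaces" ;;
        no)  echo "GatewayPorts no: -R listeners bind on loopback only" ;;
        *)   echo "GatewayPorts $gw: bind address taken from the client's -R" ;;
    esac
    secs=$(dead_client_timeout "$1")
    if [ "$secs" -eq 0 ]; then
        echo "ClientAlive probes off (ClientAliveInterval 0)"
    else
        echo "dead clients dropped after ${secs}s (~$(( $secs / 86400 )) days)"
    fi
}

# Constructed samples holding only the lines shown in the walkthrough.
dir=$(mktemp -d)
printf 'TCPKeepAlive yes\nClientAliveInterval 300\nClientAliveCountMax 99999\n' > "$dir/destination"
printf 'GatewayPorts yes\n' > "$dir/middle"
for host in destination middle; do echo "== $host"; audit "$dir/$host"; done
rm -rf "$dir"
```

On a live server, feed it the effective configuration with `sshd -T > /tmp/effective && audit /tmp/effective` (run as root) rather than the raw file, so Include files and defaults are resolved.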