Reverse SSH (or other tunnel/VPN)

Michael Hipp Michael
Tue Dec 21 15:31:54 PST 2004


Matthew Carpenter wrote:

> Yes.
> 
> If you simply want a tunnel to a port on the remote system, and you want
> it to be originated from that system:
> 
> remote# ssh -R <RMTPORT>:<lclhostname>:<lclport> <REMOTEHOST> vi </dev/null >/dev/null 2>&1 &
> 
> This sets the <REMOTEHOST> to listen on <RMTPORT> and tunnels the
> connection to <lclhostname> on port <lclport>
> 
> All these are as the executing system sees things.  So if this is run on
> a client system behind a NAT, <lclhostname> could be "localhost" or its
> domain name, even if the other system can't actually "get back".
> 
> I do this in reverse for pulling and sending mail from my home-network.

Matthew, you lost me on this ...

(Or I'm just too dumb to get it.)

Do I understand you issue a command like the above on the *host* 
computer (behind NAT) and something shows up on the *client* that allows 
someone sitting in front of the client to get a shell from the host?

What is the purpose of the 'vi' command and all the redirects?

Sorry. I've done lots of these kinds of port tunnels from client-host 
but never considered how such might be done host-client.

Thanks,
Michael
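
An added example, not part of either message in this thread: the quoted reverse tunnel written with OpenSSH's `-N` (no remote command) and `-f` (go to the background after authentication) doing the job of the `vi` placeholder, the redirects and the `&`. The helper names and the sample host `gateway.example.com` are assumptions; the function only prints the command so it can be reviewed before it is run.

```shell
#!/bin/sh
# Added example: build (not run) a reverse-tunnel command for review.
# Helper names and sample values are hypothetical, not from the thread.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # empty or non-numeric
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_host() {
    case "$1" in
        # empty, option-like ("-o..."), or unexpected characters
        ''|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
}

# usage: reverse_tunnel_cmd RMTPORT LCLHOSTNAME LCLPORT REMOTEHOST
reverse_tunnel_cmd() {
    [ "$#" -eq 4 ] || { echo "need 4 arguments" >&2; return 2; }
    valid_port "$1" || { echo "bad remote port: $1" >&2; return 1; }
    valid_host "$2" || { echo "bad local hostname: $2" >&2; return 1; }
    valid_port "$3" || { echo "bad local port: $3" >&2; return 1; }
    valid_host "$4" || { echo "bad remote host: $4" >&2; return 1; }
    # -N                    no remote command, forwarding only
    # -f                    background after authentication (stdin from /dev/null)
    # ExitOnForwardFailure  exit instead of lingering if the listener cannot bind
    # ServerAliveInterval   notice a dead link (e.g. an expired NAT mapping)
    # 127.0.0.1:            listener on REMOTEHOST accepts local connections only
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R 127.0.0.1:%s:%s:%s %s\n' \
        "$1" "$2" "$3" "$4"
}

# Constructed sample values: expose the NATed machine's sshd (port 22)
# as port 2222 on the loopback interface of gateway.example.com.
reverse_tunnel_cmd 2222 localhost 22 gateway.example.com
```

With the tunnel up, a user logged in on the remote host reaches the NATed machine with `ssh -p 2222 localhost`.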

