I need to SSH to a computer that is behind a NAT. To this end a reverse SSH tunnel from that computer (with SSH server installed) is established to my publicly visible server (middleman.example.org):
ssh -f -N -T -R 9999:localhost:22 -p 7777 [email protected]
Now in order for me to get to that computer from any place I do:
ssh -J [email protected]:7777 -p 9999 user_behind_NAT@localhost
- I need to keep this tunnel alive for days or even weeks. I've heard about two ways to achieve this:
(a) passing -o TCPKeepAlive=yes together with the above-mentioned options
(b) use autossh instead of ssh
What is the difference between those two options? Which is better for which situation? Does it make sense to use both?
- As the sysadmin of middleman.example.org I don't want to trust this user behind a NAT and would like to limit the account mm as tough as possible. In the best case I would like to disable both interactive shell and even sftp, allowing only establishing reverse SSH connections (I myself will use my regular account to "jump" into the reverse tunnel). Is this possible somehow?
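
One way to express the restriction asked about in the second point, as an added example that is not part of the original post: an sshd_config fragment for middleman.example.org that limits the account mm to the single reverse forward on port 9999. It assumes OpenSSH 7.8 or later (for PermitListen) and key-based login for mm; the timeout values are illustrative.

```conf
# /etc/ssh/sshd_config on middleman.example.org (added example, values are assumptions)
# Everything below applies only to the tunnel account "mm".
Match User mm
    # Allow only remote (-R) forwarding; local (-L) and dynamic (-D) are refused.
    AllowTcpForwarding remote
    # The only listener mm may open is the one used by the tunnel.
    # ssh requests the listen host "localhost" when -R gives no bind address.
    PermitListen localhost:9999
    # Keep the forwarded port bound to loopback so it is reachable only
    # from accounts already logged in to the middleman.
    GatewayPorts no
    # No terminal, and any session request (shell, command, sftp subsystem)
    # runs this instead. "ssh -N" asks for no session, so the tunnel still works.
    PermitTTY no
    ForceCommand /bin/false
    # Switch off the remaining forwarding and tunnelling features.
    X11Forwarding no
    AllowAgentForwarding no
    AllowStreamLocalForwarding no
    PermitTunnel no
    PermitUserRC no
    # Keys only for this account.
    PasswordAuthentication no
    # Server-side liveness probes inside the encrypted channel: a dead tunnel
    # is dropped after about 90 s, which frees port 9999 for the reconnect.
    ClientAliveInterval 30
    ClientAliveCountMax 3
```

Check the file with `sshd -t` before reloading the daemon, and keep an existing session open until a new login has been confirmed.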