SSH Reverse Proxy / Tunneling

Let’s say you own the domain and the port 22 works as an SSH port for some VM/Server. This means that you can SSH into it like so:


But SSH can do much more. One of the features is a reverse TCP proxy, which can expose a port on your local device with one command.

ssh -R \*:80:localhost:8080 -N

The -N flag isn’t required, it’s to saying that after SSHing we don’t need to execute any commands.

This will work for anything that uses TCP, such as a web server, SSH port, or even your Minecraft server.

This will bind to your localhost:8080. Keep in mind, that in order to bind to low ports (like 80 or 443) you’ll need to ssh as root.

Enable root login with password

If you also want to enable ssh root login with a password:

echo "PermitRootLogin yes" | sudo tee -a /etc/ssh/sshd_config
sudo systemctl restart sshd

Binding to all addresses

If you want to make it accessible on addresses other than localhost (such as to make it available publically):

echo "GatewayPorts=clientspecified" | sudo tee -a /etc/ssh/sshd_config
sudo systemctl restart sshd

Starting simple http server

If you start a HTTP server on port 8080 locally, it will also be available on port 80:

python -m http.server 8080


Dominik Tarnowski
I write code.