(I'm writing this mostly for myself so if/when some day in the future I want to set this up again and can't remember how, I've got something to reference.)

If you have a scenario where you'd like to access machines behind a corporate firewall without getting on their VPN, this might work for you. For instance if you occasionally need to access things behind the firewall from a machine running an OS (like linux) that is not supported by the IT overlords at your $JOB, you can set up a reverse SSH tunnel to connect a machine behind the firewall to a machine at home (or a VM on a cloud provider).

First off, get a VM up and running on the office network, install autossh, copy your SSH id to your bastion host, and then start a reverse tunnel. This would be done on "SECRETVM".

$ sudo apt install autossh
$ ssh-copy-id bastion
$ autossh -M 10984 -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /home/username/.ssh/id_rsa -R 2224:localhost:22 username@bastion -p 22

Now on your home machine (in the diagram above thats "Workstation") you need to add an entry to ~/.ssh/config

host secretvm
   User username
   ProxyCommand ssh bastion -W localhost:2224

Now, to get to the VM inside the office, you can just "ssh secretvm"!

To proxy your web traffic through that VM (so you can reach things like JIRA easily), use a SOCKS proxy. Run the following:

$ ssh secretvm -D 9932 -N

Then in Firefox, go to Preferences, General, Network Settings and select "Manual proxy configuration", set SOCKS Host to localhost with port 9932, and check the box for "Proxy DNS when using SOCKS v5".


Enjoy! Also don't tell IT as this could be a real security problem if your bastion host is not well secured. So be sure to do everything you can to lock that node down and keep it up to date.

EDIT: Adding a link to this excellent visual guide to SSH tunnels as it's SUPER useful!

EDIT: Adding a link to a MUCH faster SOCKS-over-SSH method, Rapid SSH Proxy

No Innocent Bystanders

Tue July 07 2020 by Christopher Aedo

Systemic racism impacts every person in this country. For some it means they’re more likely to get a job interview just because of their name. For others it means they’re more likely to be shot during a traffic stop just because of the color of their skin. Sociologists …

read more

Scandir errors with scripted backups on OSX

Tue June 02 2020 by Christopher Aedo

A few years ago I documented how I automatically back up my computer, plus my family members' machines and the process has been working really well. Recently however I noticed some directories were not getting backed up on OSX machines. Turns out since I updated to Catalina, the stricter security …

read more

Best Headphones Ever

Thu June 20 2019 by Christopher Aedo


Around 10 years ago I was traveling enough to where I thought I deserved some fancy noise-cancelling heaphones. At the time, Bose was the king of that space so I bought the QuietComfort 2 headphones. I loved them, but I could only keep them on for maybe two hours at …

read more

Whats On Tap, April 2019

Mon April 29 2019 by Christopher Aedo


Quick update to the blog about what's on tap these days!

It's been quite a while since the last update. That is mostly because I've been drinking a less lately. Busy, and watching my calories pretty closely while I try to drop a few pounds. Usually that means I don't …

read more

Whats On Tap, November 2018

Sun November 18 2018 by Christopher Aedo


Sticking with my promise to update the blog when I rotate what's on tap, here comes November's entry.

The last round of beer lasted pretty long. That's due to only having one bbq party, and me drinking less beer these last few months.

First up is another pale ale. Basically …

read more

Whats On Tap, August 2018

Fri August 10 2018 by Christopher Aedo


I promised to do this whenever something on tap changed but I completely failed to stay on top of that. Instead maybe I'll just do it when ALL the taps have rotated, as I am doing this time!

The Saison is tasty, but came out a little higher gravity than …

read more

Publish WordPress to static GitLab Pages site

Mon August 06 2018 by Christopher Aedo

A long time ago I set up a WordPress blog for a family member. Though there are lots of other options these days, back then there were few decent choices if your requirement was a web-based CMS with a WYSIWYG editor. An unfortunate side effect of things working well was …

read more

Whats On Tap, February 2018

Thu February 08 2018 by Christopher Aedo


I am going to start putting up a little post whenever what's on tap at home changes. I will also make an effort to post when I brew something as well. To that end, here's the first post on that subject!

The Porter I brewed came out really nice. When …

read more

Peanut Butter Banana Pancakes

Sun January 07 2018 by Christopher Aedo

Over the last year I've been making small tweaks to my Aedo Family Secret Pancake Recipe, and I think I've finally perfected it. Rather than update the original post I thought it would be better to make a new one for reference. Ultimately the modifications were pretty small (less olive …

read more