Reasons for reverse SSH tunnel failure

0 votes
1 answer
40 views
I have a NAS in my living room with a bunch of services like GitLab, NextCloud, my personal website etc. running on it. All these services are reachable via a reverse SSH tunnel between my Ionos VPS with a public IP address running the reverse proxy for my domain and my NAS. This works fine. However, I cannot for the life of me get a regular remote SSH connection from my terminal to the NAS to be established, which means I have to SSH into the VPS first and then SSH into the NAS from there and can only use GitLab via HTTPS, not SSH. Maybe someone here has an idea. Here's my setup:
NAS (main user malik):
autossh unit:
[Unit]
Description=Reverse SSH Tunnel to VPS
After=network-online.target
Wants=network-online.target

[Service]
User=malik
Environment=HOME=/home/malik
ExecStart=/usr/bin/autossh -M 0 -N \
  -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" \
  -i /home/malik/.ssh/vps_autossh \
  -R 8080:localhost:80 \
  -R 8443:localhost:443 \
  -R 3001:localhost:3001 \
  -R 8001:localhost:8000 \
  -R 8099:localhost:8099 \
  -R 8022:localhost:8022 \
  -R 2222:localhost:2222 \
  tunneluser@212.227.63.142
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
SSHD config:
Include /etc/ssh/sshd_config.d/*.conf

AuthorizedKeysFile      .ssh/authorized_keys

Subsystem       sftp    /usr/lib/ssh/sftp-server
VPS: Main user root for admin and restricted user tunneluser for reverse tunnels
SSHD config:
Include /etc/ssh/sshd_config.d/*.conf

KbdInteractiveAuthentication no

UsePAM yes

AcceptEnv LANG LC_*

Subsystem       sftp    /usr/lib/openssh/sftp-server

ClientAliveInterval 120
PermitRootLogin yes

Match User tunneluser
    PasswordAuthentication no
    AllowTcpForwarding yes
    GatewayPorts yes
I use 8022 for GitLab SSH and 2222 for my main NAS user. It looks like everything is working:
root@my-vps:~# sudo netstat -tulnp | grep 8022
tcp        0      0 0.0.0.0:8022            0.0.0.0:*               LISTEN      3546/sshd: tunnelus
tcp6       0      0 :::8022                 :::*                    LISTEN      3546/sshd: tunnelus
root@my-vps:~# sudo netstat -tulnp | grep 2222
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      3627/sshd: tunnelus
tcp6       0      0 :::2222                 :::*                    LISTEN      3627/sshd: tunnelus
When I try to connect from my laptop, I get a network unreachable error:
ssh -p 2222 malik@212.227.63.142
ssh -p 8022 git@212.227.63.142
telnet 212.227.63.142 2222
telnet 212.227.63.142 8022
What am I doing wrong?
Asked by KilakOriginal (21 rep)
Jul 30, 2025, 03:21 PM
Last activity: Jul 31, 2025, 01:49 PM
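
An added example (not part of the original post) that cross-checks the `-R` forwards in an autossh unit against `netstat` output from the VPS and classifies each forwarded port as publicly bound, loopback-only or not listening. The sample input is constructed in the shape of the question's output; `vps.example`, the loopback row for 8080 and the postgres row are assumptions made to show every case.

```python
import re

# Constructed sample input in the shape of the question's unit file and netstat
# output; the 8080 loopback row and the postgres row are made up for contrast.
EXEC_START = r"""/usr/bin/autossh -M 0 -N \
  -R 8080:localhost:80 \
  -R 3001:localhost:3001 \
  -R 8022:localhost:8022 \
  -R 2222:localhost:2222\
  tunneluser@vps.example"""

NETSTAT = """\
tcp   0  0 127.0.0.1:8080   0.0.0.0:*   LISTEN   3546/sshd: tunnelus
tcp   0  0 0.0.0.0:8022     0.0.0.0:*   LISTEN   3546/sshd: tunnelus
tcp6  0  0 :::8022          :::*        LISTEN   3546/sshd: tunnelus
tcp   0  0 0.0.0.0:2222     0.0.0.0:*   LISTEN   3627/sshd: tunnelus
tcp   0  0 0.0.0.0:5432     0.0.0.0:*   LISTEN   911/postgres
"""

LOOPBACK = {"127.0.0.1", "::1"}

def remote_forward_ports(exec_start):
    """VPS-side ports requested with -R [bind_address:]port:host:hostport."""
    specs = re.findall(r"-R\s+([^\s\\]+)", exec_start)
    # The listen port is third from the end, with or without a bind address.
    return [int(s.split(":")[-3]) for s in specs]

def sshd_listeners(netstat_text):
    """Map port -> set of bind addresses for LISTEN sockets owned by sshd."""
    found = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "LISTEN" or "sshd" not in f[6]:
            continue
        addr, port = f[3].rsplit(":", 1)  # ":::8022" -> ("::", "8022")
        found.setdefault(int(port), set()).add(addr)
    return found

def audit(exec_start, netstat_text):
    """Classify each -R port: 'public', 'loopback' or 'missing' on the VPS."""
    listeners = sshd_listeners(netstat_text)
    report = {}
    for port in remote_forward_ports(exec_start):
        addrs = listeners.get(port, set())
        report[port] = ("missing" if not addrs else
                        "loopback" if addrs <= LOOPBACK else "public")
    return report

if __name__ == "__main__":
    print(audit(EXEC_START, NETSTAT))
```

A port reported as `public` is bound on all interfaces by sshd (the effect of `GatewayPorts yes` for that user), so any restriction on who can reach it has to come from a firewall in front of or on the VPS, not from sshd.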