Reverse SSH with golang

I have a server and a remote computer. Now I want to access the remote computer via SSH but it is possible that it is behind a NAT. That's one of the reasons I want a reverse SSH connection.

The idea is to establish a connection from the remote computer to the server and use this connection to communicate via SSH from the server to the remote computer.

With OpenSSH this is quite easy. From the remote computer I open the reverse SSH tunnel:

ssh- R 19999:localhost:22 user@192.168.0.10

Now I can use this from the server side with:

ssh localhost -p 19999

I want to achieve the same behavior with a go application and the go SSH library on the remote computer. The server will still use OpenSSH so it should not be changed.

I know how to connect to a computer via SSH from go but how can the reverse part be achieved?

func main() {
    config := &ssh.ClientConfig{
	    User: "vagrant",
	    Auth: []ssh.AuthMethod{
		    ssh.Password("vagrant"),
	    },
    }

    conn, err := ssh.Dial("tcp", "192.168.0.10:22", config)
    if err != nil {
	    panic("Failed to dial: " + err.Error())
    }
}

I found a solution. OpenSSH returns a terminal session or the output of a command if you supply one. Furthermore it allows you to authenticate the connection from the server to the client over the open tunnel.

To support this behavior I needed to supply the listener of the open connection to a ssh server implementet in go on the remote side. More complicated then I thought but it works.

I got a working example server here. I just need to exchange the listener in the example code for a listener on the client connection.

You use Client.Listen (or Client.ListenTCP) to setup the forwarding port on the server.

You can then accept connections from the returned listener just as you would any other network listener.