how to block brute force attacks on reverse tunnels?

Gert Doering gert at
Fri Apr 26 02:14:49 AEST 2024


On Thu, Apr 25, 2024 at 11:14:56AM -0400, Steve Newcomb wrote:
> For many years I've been running ssh reverse tunnels on portable Linux,
> OpenWRT, Android etc. hosts so they can be accessed from a server whose IP
> is stable (I call such a server a "nexus host"). 

I tend to close everything "towards the Internet", except a single SSH
port which is then set to pubkey-only.

So you'd need to login to the nexus host and jump onwards from there
("ssh -J nexus-host" :) ) - which is not what you have been asking for,
but might be easier to achieve.


"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert at

More information about the openssh-unix-dev mailing list