Poor Man's VPN: How to Use Reverse SSH for Quick NAT Traversal

Suppose you want to connect from PC A to PC B, and neither have a pubilc IP. How can you do that? One way is to use iroh-ssh, it's neat but currently they don't support custom relays so it's a deadend in more restricted networks. But if you own a VPS, you can actually can connect these two.

Assuming you have installed autossh on B, create a systemd service on it as well /etc/systemd/system/autossh-ssh.service:

[Unit]
Description=AutoSSH Service
After=network.target

[Service]
Type=simple
User=user
Environment=AUTOSSH_GATETIME=0
ExecStart=/usr/bin/autossh -M 0 -N -o "ServerAliveInterval 30" -o "ServerAliveCountMax 10" -o "ExitOnForwardFailure yes" -o "AddressFamily inet" -o "TCPKeepAlive no" -R localhost:REMOTE_SSH_PORT_ON_VPS:localhost:SSH_PORT_OF_B -i YOUR_KEY_ADDRESS USER@VPS -p VPS_SSH_PORT
Restart=always
RestartSec=5
KillMode=process   # Ensure child processes are not killed

[Install]
WantedBy=multi-user.target

Then enable it using sudo systemctl enable autossh-ssh. Now it will always keep a connection to your VPS and expose its SSH port on your VPS's localhost:REMOTE_SSH_PORT_ON_VPS (localhost can be changed to your VPS's static IP if that's what you need). Now you can connect to B on your VPS.

If you need B's SSH port on A, you have to port forward: ssh user@VPS_IP -p VP_SSH_PORT -L localhost:REMOTE_SSH_PORT_ON_A:localhost:REMOTE_SSH_PORT_ON_VPS, which means you can connect to B from A: ssh user@localhost -P REMOTE_SSH_PORT_ON_A. Q.E.D!