Suppose there are three computers: (1) my laptop, (2) a server that has a public static IP address, and (3) a Raspberry Pi behind a NAT. I connect from (1) to (3) via (2) as explained below.
On the server (2), I add GatewayPorts yes
to /etc/ssh/sshd-config
, and restart the SSH daemon: sudo systemctl reload sshd.service
.
On the Raspberry Pi, I create a reverse SSH tunnel to the server:
rpi$ ssh -R 2222:localhost:22 username-on-server@server-ip-address
On my laptop, I am now able to connect to the Raspberry Pi using:
laptop$ ssh -p 2222 username-on-pi@server-ip-address
The question is: is the server able to see the data sent between my laptop and the Raspberry Pi? Can the server eavesdrop on the SSH session between my laptop and the Raspberry Pi?