How to overcome incoming ssh firewalls through an intermediate relay ssh server

The way to forward ssh through an intermediate relay is as follows. I
essentially followed the OpenSSH cookbook here:

https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Tunnels

I have machine A (thinkpad), behind a firewall that does not accept
incoming network connections, and machine B (imac), also behind a
firewall that does not accept incoming connections. Both of them can,
however, open outgoing ssh connections to my home server. A simple
schematic of the allowed connections is as follows:

thinkpad --> shirl_dell_server
imac --> shirl_dell_server

I want to make a connection from

thinkpad --> imac

The way to do this is to use shirl_dell_server as a relay that gets
around the firewalls blocking incoming connections to the thinkpad and
the imac (my University does the same thing). It takes one normal ssh
port forward (-L) and one reverse port forward (-R). Both are plain TCP
port forwards carried inside the ssh session; no tun(4) device is
involved.

  1. From thinkpad run
    ssh -fN -L 9000:localhost:9000 shirl_dell_server 
    

    This makes ssh listen on local port 9000 (-L) and forward whatever
    connects there to localhost:9000 as seen from shirl_dell_server.
    The -N tells ssh not to run any remote command (without it ssh
    would start your login shell on the server), and -f sends the
    process to the background once authentication has finished.

  2. From the imac run

    ssh -fN -R 9000:localhost:22 shirl_dell_server
    

    This establishes a reverse port forward (-R): sshd on
    shirl_dell_server listens on port 9000 (bound to the loopback
    address only, since GatewayPorts defaults to no) and forwards
    incoming connections back through the ssh session to the imac's
    port 22, where its own sshd is listening.

  3. Then from thinkpad, run

    ssh -p 9000 localhost -l username
    

    This connects to the thinkpad's own port 9000, which the local
    forward carries to port 9000 on shirl_dell_server. The server then
    hands the connection to the reverse forward, which delivers it to
    the imac's port 22.

This gives you the imac's ssh login prompt. Note that the host key you
are shown is the imac's, not the server's, and ssh records it in
known_hosts under [localhost]:9000. If you ever reach a different
machine through that same local port you will get a host-key mismatch
warning; treat it as a real warning rather than something to click
through.
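The three steps above, consolidated into a script with the checks a practitioner would want. This is an added example, not code from the original post or from the OpenSSH cookbook; it keeps the host names and the user name "username" from the post, and the keepalive values, the HostKeyAlias name "imac" and the DRY_RUN switch are assumptions. It departs from the steps above in two ways: the reverse forward on the imac runs in the foreground with ExitOnForwardFailure and keepalives inside a retry loop, so a relay session that has silently died, or a port 9000 that is already taken on the relay, is noticed and retried instead of leaving you with no forward; and the thinkpad side uses ProxyJump (-J, OpenSSH 7.3 or newer) to go through the relay straight to port 9000 on it, so step 1's local listener is not needed.

```shell
#!/bin/sh
# Added example, not from the original post. Host names and the user name
# are placeholders taken from the post; port, keepalive values and the
# HostKeyAlias name are assumptions. Set DRY_RUN=1 to print the ssh
# commands instead of running them.

RELAY="${RELAY:-shirl_dell_server}"
RELAY_PORT="${RELAY_PORT:-9000}"       # port sshd on the relay listens on
TARGET_USER="${TARGET_USER:-username}" # account on the imac

# run the given command, or print it when DRY_RUN is set
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 2, on the imac: publish the local sshd (port 22) as
# 127.0.0.1:9000 on the relay. The explicit 127.0.0.1 bind keeps the
# listener off other interfaces even if the relay's sshd has
# GatewayPorts set to clientspecified. ExitOnForwardFailure makes ssh
# exit non-zero when the port is already taken on the relay instead of
# staying connected with no forward; the keepalives make a dead relay
# session fail within about 90 seconds so the loop can re-establish it.
reverse_forward() {
    run ssh -N \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -R "127.0.0.1:${RELAY_PORT}:localhost:22" "$RELAY"
}

# re-run the reverse forward whenever it drops (foreground, no -f)
keep_reverse_forward() {
    while :; do
        reverse_forward
        sleep 5
    done
}

# Steps 1 and 3 combined, on the thinkpad: hop through the relay with
# -J (ProxyJump) to localhost:9000 as seen from the relay, so no local
# port 9000 listener is needed. HostKeyAlias stores the imac's host key
# under a stable name in known_hosts, so it is not confused with any
# other host that is ever reached as localhost:9000.
connect_via_relay() {
    run ssh -J "$RELAY" \
        -o HostKeyAlias=imac \
        -p "$RELAY_PORT" -l "$TARGET_USER" localhost
}

# dispatch only when invoked with a sub-command
if [ $# -gt 0 ]; then
    case "$1" in
        reverse) keep_reverse_forward ;;
        connect) connect_via_relay ;;
        *) echo "usage: $0 reverse|connect" >&2; exit 2 ;;
    esac
fi
```

Run `sh relay.sh reverse` on the imac and `sh relay.sh connect` on the thinkpad; with `DRY_RUN=1` it prints the ssh invocations it would run. The retry loop is a plain stand-in for autossh and deliberately restarts only after the previous ssh has exited, so two reverse forwards never fight over the same port on the relay.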

Note that sshd on shirl_dell_server must allow TCP forwarding, which is
the default:

AllowTcpForwarding  yes

PermitTunnel is not needed for this: it controls tun(4) device
forwarding (ssh -w), which -L and -R port forwards never use, so leave
it at its default of no.

As the sshd_config manpage says, disabling AllowTcpForwarding does not
improve security unless users are also denied shell access, since a
user with a shell can always install their own forwarder. What this
setup does expose is the imac's sshd on 127.0.0.1:9000 of
shirl_dell_server: anyone with a shell on the server can connect to it
(they still have to authenticate to the imac), and because GatewayPorts
defaults to no the port is not reachable from other hosts. Permitting
tun devices, by contrast, lets a user bridge whole networks through the
server and so circumvent other firewalls, which is why it should stay
off unless you actually need it.
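If you would rather lock the relay account down than rely on the defaults, sshd_config on shirl_dell_server can restrict what that account may forward. The following Match block is an added example, not from the original post; the user name relayuser is an assumption (both the imac and the thinkpad are assumed to log in to the server as that user), and PermitListen requires OpenSSH 7.8 or newer.

```sshd_config
# Added example, not from the original post. "relayuser" is a
# hypothetical account used by both the imac and the thinkpad.
Match User relayuser
    # the imac's reverse forward may only bind port 9000 (-R 9000:...)
    PermitListen 9000
    # the thinkpad may only forward to that port; PermitOpen matches the
    # host string the client asks for, hence both spellings
    PermitOpen localhost:9000 127.0.0.1:9000
    # keep the listener on loopback; this is the default, stated explicitly
    GatewayPorts no
    # tun(4) devices are not needed for port forwards
    PermitTunnel no
    # nothing else this account should be doing through the relay
    X11Forwarding no
    AllowAgentForwarding no
```

After editing, check the file with `sshd -t` before restarting sshd, and keep an existing session open while you test the new restrictions so a typo cannot lock you out of the server.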
