Gavin’s Odd Bits of Code

2012-12-14 (Fri)

Permanent SSH tunnel to OS-X behind NAT

Filed under: Uncategorized — Gavin Brock @ 5:23 pm

I sometimes have an OS-X machine behind NAT that I want to get back to when I’m on the internet.

One way to achieve this is to have the NATed machine set up a reverse ssh tunnel to a machine with a known IP.

I put this file in “/Library/LaunchDaemons/com.example.ssh-tunnel.plist”:

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">

<dict>

      <key>Disabled</key>
      <false/>

      <key>Label</key>
      <string>com.example.ssh-tunnel</string>

      <key>ProgramArguments</key>
      <array>
         <string>/usr/bin/ssh</string>
         <string>-R19922:localhost:22</string>
         <string>-Nn</string>
         <string>remote_user@tunnelhost.example.com</string>
      </array>

      <key>RunAtLoad</key>
      <true/>

      <key>KeepAlive</key>
      <dict>
         <key>NetworkState</key>
         <true/>
      </dict>

      <key>UserName</key>
      <string>root</string>

</dict>
</plist>

In this example, tunnelhost.example.com is the globally known server, and remote_user is set up with ssh keys to allow passwordless access.

Now if I ssh to tunnelhost.example.com and then ssh to localhost:9922, I get back to the NATed machine.
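An added example (not part of the original post): a small Python check that loads a tunnel plist like the one above and flags settings that affect how reliably the tunnel comes back and how widely it is exposed. The finding names and the embedded sample (the post's plist re-typed with straight quotes, DOCTYPE omitted) are constructed for this example; ExitOnForwardFailure and ServerAliveInterval are standard OpenSSH client options.

```python
import plistlib

# Constructed sample: the post's plist, straight quotes, DOCTYPE omitted.
PAGE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.ssh-tunnel</string>
  <key>ProgramArguments</key><array>
    <string>/usr/bin/ssh</string><string>-R19922:localhost:22</string>
    <string>-Nn</string><string>remote_user@tunnelhost.example.com</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><dict><key>NetworkState</key><true/></dict>
  <key>UserName</key><string>root</string>
</dict></plist>"""

def flag_values(argv, flag):
    """Values of an ssh flag written as '-Rspec' or as '-R', 'spec'."""
    out = []
    for i, arg in enumerate(argv):
        if arg == flag and i + 1 < len(argv):
            out.append(argv[i + 1])
        elif arg.startswith(flag) and len(arg) > len(flag):
            out.append(arg[len(flag):])
    return out

def audit(plist_bytes):
    """Return finding codes for an ssh reverse-tunnel launchd job."""
    job = plistlib.loads(plist_bytes)
    argv = job.get("ProgramArguments", [])
    opts = dict(v.lower().split("=", 1)
                for v in flag_values(argv, "-o") if "=" in v)
    findings = []
    if job.get("UserName", "root") == "root":  # LaunchDaemons default to root
        findings.append("runs-as-root")
    if opts.get("exitonforwardfailure") != "yes":
        # ssh stays connected even when the remote port cannot be bound, so
        # launchd never restarts it and the tunnel is silently missing.
        findings.append("no-exit-on-forward-failure")
    if opts.get("serveraliveinterval", "0") == "0":
        findings.append("no-server-alive")  # dead NAT mapping goes unnoticed
    for spec in flag_values(argv, "-R"):
        parts = spec.split(":")
        if len(parts) == 4 and parts[0] in ("", "*", "0.0.0.0"):
            findings.append("forward-binds-all-interfaces")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_PLIST))
```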
