Creating Remote Connections: Home Computer to Campus Intranet via Cloud

2 minute read

Published: September 29, 2023

SSH Networking Remote Access

This guide explains how to set up remote access from your home laptop to a campus intranet server using a cloud relay (e.g., AWS EC2). The technique uses reverse SSH tunneling so the campus machine initiates the outbound connection, bypassing firewall restrictions.

Overview

Problem: Campus servers sit behind a firewall — you can't SSH in directly from home.
Solution: The campus machine opens a reverse tunnel to a cloud server; you connect through the cloud server.
Tools: ssh, autossh, systemd for auto-reconnection on boot.

Architecture

CHome Laptop ——SSH——> BCloud Server <——Reverse SSH—— ACampus Server

Machine	Description	Network
A	Campus server (behind firewall)	Campus intranet
B	Cloud relay (e.g., AWS EC2)	Public IP
C	Your home laptop	Any network

Part 1 — Set Up A → B (Campus to Cloud)

Step 1 — Generate SSH key pair on A

Create a passwordless key pair so autossh can reconnect without human intervention.

ssh-keygen -t rsa
# Press Enter for all prompts
# Key will be saved to ~/.ssh/id_rsa

Step 2 — Copy public key to B

ssh-copy-id -i ~/.ssh/id_rsa.pub ubuntu@CLOUD_IP -p 22

Step 3 — Install autossh on A

autossh monitors the SSH connection and automatically restarts it if it drops.

apt-get install autossh

Step 4 — Test the reverse tunnel

autossh -M 9991 -NfR 8990:localhost:22 ubuntu@CLOUD_IP

Verify on B by running:

watch -n 1 netstat -tnlp

You should see port 8990 listening.

What does -NfR 8990:localhost:22 mean? It tells SSH to forward port 8990 on B back to port 22 (SSH) on A — a reverse tunnel. -N means no remote command, -f runs in background.

Part 2 — Automate with systemd

To ensure the tunnel survives reboots and network interruptions, create a systemd service on A.

Step 5 — Create the service file

vim /lib/systemd/system/autossh.service

Paste the following:

[Unit]
Description=Auto SSH Tunnel
After=network-online.target

[Service]
User=YOUR_USER_NAME
Type=forking
ExecStart=/usr/bin/autossh -NR 9888:localhost:22 -i /home/YOUR_USER_NAME/.ssh/id_rsa ubuntu@CLOUD_IP -p 22
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill -TERM $MAINPID
KillMode=process
Restart=always

[Install]
WantedBy=multi-user.target
WantedBy=graphical.target

Step 6 — Enable and start the service

systemctl enable autossh
systemctl start autossh
systemctl status autossh

Tip If the service fails to start, check that the SSH key path and username in the service file are correct. Use journalctl -u autossh to inspect logs.

Part 3 — Connect C → A (Home to Campus)

From your home laptop C, connect in two hops:

Step 7 — SSH into the cloud server B

ssh ubuntu@CLOUD_IP

Step 8 — Hop through to campus server A

From B, connect through the reverse tunnel:

ssh -p 9888 YOUR_USER_NAME@127.0.0.1

Security note Keep your cloud server's SSH access locked down — use key-only authentication, disable password login, and restrict the security group to your IP range if possible.

You now have remote access from your home laptop to your campus intranet server, with automatic reconnection on boot.

Yutong Yan

Overview

Architecture

Part 1 — Set Up A → B (Campus to Cloud)

Step 1 — Generate SSH key pair on A

Step 2 — Copy public key to B

Step 3 — Install autossh on A

Step 4 — Test the reverse tunnel

Part 2 — Automate with systemd

Step 5 — Create the service file

Step 6 — Enable and start the service

Part 3 — Connect C → A (Home to Campus)

Step 7 — SSH into the cloud server B

Step 8 — Hop through to campus server A