Reverse ssh tunnel allows you use an encrypted tunnel for forwarding a connection to a remote host to your local workstation. To use reverse ssh tunnel one need to open a port from EC2 firewall configuration. I am running Ubuntu 10.04 LTS ami but this should work on all Linux instances.
Say I want to open 9000 port on my EC2 instance. I assume that I am using the 'default' security group (each security group consists of set of firewall rules). To do so, run the following from ec2 command line tool -
ec2-authorize default -p 9000
Also authorize ssl port 22 if done yet.
ec2-authorize default -p 22
Now log in to your ec2 instance and check if the following options exist in /etc/sshd_config file or not. If not, append the the lines to file.
AllowTcpForwarding yes
GatewayPorts yes
Now make the reverse ssh tunnel -
ssh -nNT -R0.0.0.0:9000:localhost:3000 <username>@<ec2_public_dns_or_ip> -i <your_private_key_file_that_ends_with_pem>
(Thanks to Vincent Danen for his tutorial Setting up a reverse SSH tunnel where he shows how to do reverse ssh without opening a terminal). Here is description of the parameters:
-n prevents reading from standard in
-N just set up a tunnel, without opening a console for executing command
-T disable pseudo tty allocation
-R reverse ssh tunnel. This parameter option must be followed by [bind_address:]port:host:hostport
-i your identity file (private key)
Thats it! Now point your browser to
http://<ec2_public_dns_or_ip>:9000
enjoy :)