If your Bitcoin Core daemon runs behind NAT and your ISP doesn't provide a public IP address, you may run it as a Tor hidden service to make it publicly available. However, that might not be sufficient for some use cases, and thus a reverse SSH tunnel might come in handy.
Prerequisites:

- Bitcoin Core daemon running on a Linux machine behind NAT.
  - Let's call the machine `node`.
- A server with a public IP address you have full access to.
  - Let's call the server `vps`.

On `vps`:

- Create system user `bitcoin` if not already present.
- Edit `/etc/ssh/sshd_config`:
  - Allow remote hosts to connect to forwarded ports by setting the `GatewayPorts` option to `yes`.
  - Append the `bitcoin` user to `AllowUsers` if you already use this option.
- Restart SSH daemon for changes to take effect:
  ```
  $ sudo systemctl restart sshd.service
  ```
- Open TCP port `8333` in your firewall.
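
A narrower alternative to the global `GatewayPorts yes` setting above, as an added example that is not part of the original instructions: a `Match` block appended to `/etc/ssh/sshd_config` on `vps` that scopes the option to the `bitcoin` user and limits that account to the single remote forward. It assumes OpenSSH 7.8 or later (for `PermitListen`) and that `GatewayPorts` is left at its default of `no` outside the block.

```sshd_config
# Added example (not from the original instructions).
# Place at the end of /etc/ssh/sshd_config: a Match block applies to
# everything below it until the next Match line or end of file.

Match User bitcoin
    # Let only this account bind forwarded ports on non-loopback addresses,
    # so other users' remote forwards stay on localhost.
    GatewayPorts yes

    # Permit remote (-R / RemoteForward) forwarding only; no local forwards
    # from this account into the server's network.
    AllowTcpForwarding remote

    # The only port this account may listen on is the Bitcoin P2P port.
    PermitListen 8333

    # The tunnel needs none of these.
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    PermitTTY no

# Check the syntax before restarting the daemon:
#   $ sudo sshd -t
```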

On `node`:

- Install `autossh` if not already present.
- Use `ssh-keygen` to generate SSH key for user `bitcoin`.
- Append the following snippet to `/home/bitcoin/.ssh/config`:
  ```
  Host vps
      HostName #FIXME
      RemoteForward 8333 localhost:8333
      ServerAliveInterval 30
      ServerAliveCountMax 3
  ```
  Replace `#FIXME` with the IP address of your `vps`.
- Use `ssh-copy-id` to copy generated SSH key to `vps`.
- Copy `bitcoind-tunnel.service` to `/etc/systemd/system/bitcoind-tunnel.service`.
- Reload systemd services:
  ```
  $ sudo systemctl daemon-reload
  ```
- Start the service and enable it at startup:
  ```
  $ sudo systemctl start bitcoind-tunnel.service
  $ sudo systemctl enable bitcoind-tunnel.service
  ```

That's it, your node is publicly available! You may check it via bitnodes.io.