Automatically request secure maintenance tunnel from maintenance server to computer.

What aalatunneli is used for?

It's sometimes impossible to connect from computer A to computer B, even if reverse works. This can be because of B has dynamic IP (so user of 'A' does not know where he should connect), NAT, firewall... For now on, we will call A as Maintenance server and B as client.

With aalatunneli, client connects to server and creates tunnel inside which server can connect back to client. This is not general solution for all kind of network traffic, but just for creating maintenance connection.


Aalatunneli creates reversed ssh tunnel from maintenance server to initiating computer. This tunnel connects one port from maintenance server to special (or if really wanted, standard) local telnet port. This causes any traffic to that maintenance server port to be transferred to local telnet port. Maintainer can then 'telnet localhost <server port>' to open telnet connection through that tunnel to client computer.

Telnet is used instead of ssh in connection inside tunnel since tunnel itself is already crypted. There is no need to add overhead from second layer of crypting. ssh tunnel + telnet is basically same as ssh shell access.

There is one part where ssh connection inside tunnel would be more secure.

However, this unencrypted traversal is already inside client computer. This would be issue only for already compromised computer where intruder can access traffic from tunnel to telnet daemon, but not what goes on after data has been decrypted anyway.

All this is not to say that aalatunneli will never use ssh instead of telnet. Future versions might do so.


Many people think that word 'ssh' equals to 'shell usage over crypted connection'. After all, this is what ssh command does by default.

Core functionality of ssh is creating crypted tunnel. Running the shell is not essential part of ssh. Aalatunneli is using ssh just to create the crypted connection, tunnel. It is not directly giving shell access, nor bypassing any username/password checks. It is actually more secure method than simply running ssh daemon, since it has additional restrictions for accessing computer.

Tunnel creation uses public/private keys to make sure that other end really is what it claims to be.

Reporting problems

Please report any bugs to Bugzilla.


Marko Lindqvist


Latest version is 1.0.0

Debian packages for several Ubuntu and Debian releases are available for apt-get from my debian package repositories.

Aalatunneli 1.0.0 (29-Sep-09)

Aalatunneli 0.3.5 (10-Mar-09)

Aalatunneli 0.3.4 (26-Feb-09)

Aalatunneli 0.3.3

Aalatunneli 0.3.2

Aalatunneli 0.3.1

Aalatunneli 0.2.0

Aalatunneli 0.1.1

Aalatunneli 0.1.0

Known problems