INC-2026-04-07-001: Resolution

Resolution

Immediate Fix

# 1. Remove stale host key
ssh-keygen -R '[localhost]:2222'

# 2. Connect with explicit identity
ssh -p 2222 -i ~/.ssh/id_ed25519_d000 localhost

Verification

SSH session established to modestus-razer
Shell prompt confirmed: evanusmodestus@modestus-razer
System info banner: Arch Linux, 24 cores, 62.2 GB RAM, 3 LUKS volumes

Reverse SSH Tunnel Reference

How It Works

A reverse tunnel (-R) tells the remote sshd to listen on a port and forward traffic back through the SSH connection to the originating machine.

ssh -R [bind_port]:[target_host]:[target_port] [user]@[remote_host]

Component Meaning

Component	Meaning
`-R 2222:localhost:22`	On the remote host, listen on port 2222. Forward connections to localhost:22 on the local machine.
`evanusmodestus@modestus-p16g`	The remote host where port 2222 will be opened.

-R 2222:localhost:22

On the remote host, listen on port 2222. Forward connections to localhost:22 on the local machine.

evanusmodestus@modestus-p16g

The remote host where port 2222 will be opened.

Persistent Tunnel with autossh

For long-running tunnel sessions, autossh reconnects automatically on network interruption:

# Install
sudo pacman -S autossh

# Persistent reverse tunnel (reconnects on failure)
autossh -M 0 -f -N -R 2222:localhost:22 evanusmodestus@modestus-p16g \
  -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3"

Security Considerations

The tunnel is only as secure as the SSH session carrying it. Use key-based auth, not passwords.
Port 2222 is bound to localhost on P16g by default — not exposed to the network.
To bind to all interfaces (allowing other machines to use the tunnel): -R 0.0.0.0:2222:localhost:22 — requires GatewayPorts yes in the remote sshd_config. Avoid unless necessary.