[TriLUG] reverse ssh through firewall/NAT with a twist
Kevin Hunter Kesling
hunteke at earlham.edu
Fri Nov 14 23:45:24 EST 2014
Hello SSH Gurus,
First, my question: Is it possible to connect two computers from
different private networks via SSH *directly*, without passing traffic
through a third-party host?
Specifically, it would be okay to use a third party host to negotiate
the connection, but once it is setup, I want the two computers to talk
directly. For example, I imagine this is the basic premise behind how
Chrome Remote works. I want to know how to accomplish this with SSH.
The rest of this email is just a prelude to the above question.
-----
Say you need to access your business desktop from home, while both
sit behind a router/NAT (e.g., both BusComp and HomeComp have, say,
10.0/8 IPv4 addresses). Text-graphically:
BusComp <--> router <--> Internet <--> router <--> HomeComp
Neither router allows incoming traffic other than what was initiated
from inside the network (e.g., a web page request).
A common course of action in this situation is to make one computer
accessible by opening up specific ports on its router (in this case, the
business router). However, in this question, this is not an option.
Still, this is solvable with a two-hop reverse SSH setup. First, one
sets up an SSH connection from BusComp and maps a port (say 2222) on the
InetAccessibleComp to BusComp's port 22 (or sshd port).
BusComp <--> router <--> Internet <--> InetAccessibleComp
To talk to BusComp then, simply ssh to InetAccessibleComp, and then ssh
from there via port 22. Voila, you're in. For those who read commands
easier:
    buscomp$ ssh -R 2222:localhost:22 InetAccessibleComp
    homecomp$ ssh InetAccessibleComp
    inetaccessiblecomp$ ssh -p 2222 localhost
    buscomp$ # but shown on homecomp's screen
The problem, of course, is that InetAccessibleComp must be connected to
both for the duration of the connection. It is this last detail that I
want to overcome.
Thanks for any help, Gurus!
Kevin
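The two-hop setup above, as an added example that is not part of Kevin's post. It keeps the relay (so it does not answer the direct-connection question; InetAccessibleComp still has to stay up) but changes what the relay can see: in the post's version HomeComp gets a shell on InetAccessibleComp and types `ssh` there, so the relay terminates one SSH session and originates another and handles keystrokes in the clear. With ProxyJump (`-J`, OpenSSH 7.3 and later; `-o ProxyCommand='ssh -W localhost:2222 InetAccessibleComp'` is the older equivalent) the relay only copies encrypted bytes and the HomeComp-to-BusComp session is end to end. The script also refuses a `-R` spec that would bind the listener to anything but loopback on the relay, and pins BusComp's host key under its own name rather than `[localhost]:2222`. Hostnames, the user account on the relay and the port numbers are the post's placeholders; the default values and the `show` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes (placeholders):
# JUMP_HOST is InetAccessibleComp and BusComp's sshd listens on port 22.
set -u

JUMP_HOST="${JUMP_HOST:-InetAccessibleComp}"
REMOTE_PORT="${REMOTE_PORT:-2222}"

# Validate an ssh -R spec ([bind_address:]port:host:hostport, or the
# [v6addr]:port:host:hostport bracket form) and succeed only if the
# listener on the jump host is confined to loopback. With no bind address
# sshd itself defaults to loopback; '', '*' or 0.0.0.0 would expose
# BusComp's sshd to the Internet on a relay that has GatewayPorts enabled.
check_forward_spec() {
    spec=$1
    bind=""
    case "$spec" in
        \[*\]:*) bind=${spec%%\]*}; bind=${bind#\[}; rest=${spec#*\]:}; has_bind=1 ;;
        *)       rest=$spec; has_bind=0 ;;
    esac
    # Number of ':'-separated fields remaining = colon count + 1.
    n=$(( $(printf '%s' "$rest" | tr -cd ':' | wc -c) ))
    if [ "$has_bind" -eq 0 ]; then
        case "$n" in
            2) return 0 ;;             # port:host:hostport -> loopback by default
            3) bind=${rest%%:*} ;;     # bind_address:port:host:hostport
            *) return 1 ;;             # malformed or unix-socket form: refuse
        esac
    elif [ "$n" -ne 2 ]; then
        return 1
    fi
    case "$bind" in
        localhost|127.0.0.1|::1) return 0 ;;
        *) return 1 ;;                 # '', '*', 0.0.0.0 or an interface address
    esac
}

# Command BusComp runs to publish its sshd on the relay's loopback.
# -N: no shell on the relay, just the tunnel. ExitOnForwardFailure makes a
# port clash fatal instead of silently leaving BusComp unreachable, and the
# keepalives let a wrapper loop (or autossh) notice a dead link and redial.
buscomp_reverse_cmd() {
    spec="${REMOTE_PORT}:localhost:22"
    if ! check_forward_spec "$spec"; then
        echo "refusing forward spec that is not loopback-only: $spec" >&2
        return 1
    fi
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R %s %s\n' \
        "$spec" "$JUMP_HOST"
}

# Command HomeComp runs. -J makes the relay run "ssh -W localhost:2222", so it
# forwards raw bytes and never sees a shell, keystrokes or an agent socket.
# HostKeyAlias stores/checks BusComp's key as "BusComp" in known_hosts.
homecomp_jump_cmd() {
    printf 'ssh -J %s -o HostKeyAlias=BusComp -p %s localhost\n' "$JUMP_HOST" "$REMOTE_PORT"
}

case "${1:-}" in
    show) buscomp_reverse_cmd; homecomp_jump_cmd ;;
esac
```

Run it as `sh tunnel.sh show` to print the two command lines; `REMOTE_PORT='0.0.0.0:2222' sh tunnel.sh show` is refused by the loopback check. Key-based authentication with a dedicated key on BusComp, restricted in the relay's authorized_keys to the one forward it needs, is the natural next step but is not shown here.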