Suppose you are inside a network that has no public IP address. If you are working on machineA, and you need to SSH in from outside the network, say from machineB, run the following on machineA:

machineA$ ssh -R 22222:localhost:22 user@machineB

On machineB, you can now SSH to machineA by running:

machineB$ ssh user@localhost -p 22222

The first command creates a SSH tunnel which will listen on on machineB that tunnels to localhost:22 on machineA. You should now be able to access machineB:22 by connecting to on machineA.

You can make the tunnel target a remote host by replacing localhost with another server.

You may make the tunnel bind on all addresses instead of by ensuring that GatewayPorts = yes or GatewayPorts = clientspecified on machineB's SSH server and then specifying the bind address when connecting. Eg.

machineA$ ssh -R user@machineB