Suppose you are inside a network that has no public IP address. If you are working on machineA, and you need to SSH in from outside the network, say from machineB, run the following on machineA:
machineA$ ssh -R 22222:localhost:22 user@machineB
On machineB, you can now SSH to machineA by running:
machineB$ ssh user@localhost -p 22222
The first command creates a SSH tunnel which will listen on 127.0.0.1:22222 on machineB that tunnels to localhost:22 on machineA. You should now be able to access machineB:22 by connecting to 127.0.0.1:22222 on machineA.
You can make the tunnel target a remote host by replacing
localhost with another server.
You may make the tunnel bind on all addresses instead of
127.0.0.1 by ensuring that
GatewayPorts = yes or
GatewayPorts = clientspecified on machineB's SSH server and then specifying the bind address when connecting. Eg.
machineA$ ssh -R 0.0.0.0:22222:localhost:22 user@machineB