Reverse fun was developed to allow users outside firewalls (which deny any incoming connects) or users behind masquerading routers to use SSH. The problem occurs since when a network is NATed no external user is able to connect to one of the internal SSH-servers. Dream-team TESO solved this problem by using the 'reverb' program that maps two active connections together and brings the client into the internal network.
How it works:
When having reverse fun, the server (sshd) acts indeed as client and initiates a connection to the now-server 'ssh' outside the firewall. SSH-protocol negotiation goes as normal then, and the user of ssh-client sees no difference as if (s)he would do the connect normally. Since the ssh-client acts as server until connect arrives, it blocks the user's terminal until a person (or crond) behind the firewall initiates the connection.
Security:
During reverse fun, the server must authenticate itself using the host-key as usual, so you can be sure the right connection arrived if no warning-message is shown on the screen. Since ssh-client runs setuid-root, reverse fun might be dangerarous (high-port bindings etc.). IPv6 support is built in, but not tested.
