SSH Tunneling

What is SSH

SSH is a standard for secure remote logins and file transfers over untrusted networks. It is used all around the world for remote logins into cloud servers and VPSes.

What is SSH tunneling

SSH tunneling is a safe and secure way to forward ports from your server to your local machine. It is very similar to creating a VPN of some sort. Essentially, a VPN can forward all the ports quickly and basically bring the other machine onto your LAN, whereas SSH tunneling forwards one or more ports from the remote machine to yours.

How do I use it?

The -L option can be used with your regular ssh command to create a tunnel. For example, you generally connect with

ssh -p 69 admin@blabla.com

Now let's say you want whatever is running on port 8080 of blabla.com on your machine. You can do this

ssh -L 8080:127.0.0.1:8080 -p 69 admin@blabla.com

Now if you go to port 8080 on your machine, you get whatever was on port 8080 of blabla.com.

Advantages

  • Don't have to disable or worry about firewalls

    You don't have to care about your firewall or patching holes in it whatsoever. If you can ssh into a machine, you can ssh tunnel.
  • Fast with no setup needed

    Just use the -L flag and you are good to go
  • Secure by default

    Since it is just using the SSH protocol, it doesn't have any glaring security holes in it that can be exploited

As secure as this is, it can quickly turn into something not so secure; more on that here

Exposing your service to the web using tunneling

As we saw, SSH tunneling can be used to bring whatever is running on a remote port to your local machine. You can also use it to get around the carrier-grade NAT setups that Indian ISPs use, which essentially prevent you from opening any ports on your LAN to the web.

What we are going to do now is called reverse SSH tunneling, which, as the name suggests, is the reverse of SSH tunneling. In SSH tunneling you get whatever is on a port of the remote machine on your machine, but in reverse tunneling you get whatever is running on your machine on the remote machine's port.

Assumptions

  • Your service is running on port 8096

  • You want to expose the service on subdomain.yourdomain.com

  • You have an A record for subdomain.yourdomain.com pointed to your server

Step 1 : Set up an SSH Tunnel

So you can use this

ssh -R 8096:127.0.0.1:8096 admin@subdomain.yourdomain.com

or to give a more tunnely effect

ssh -N -R 8096:127.0.0.1:8096 admin@subdomain.yourdomain.com

What the second command does is establish an SSH session without giving you a shell.

To persist this tunnel you can use several things:

  • Create a shell script that runs in the background and enable it on system startup
  • Run this in a tmux or a screen session in the background
  • The best and the most effective way is to create a systemd service.

This is a sample systemd service that I personally use

[Unit]
Description=A reverse ssh tunnel 

[Service]
User=ubuntu
ExecStart=ssh -N -R 8096:127.0.0.1:8096  blabla@blabla.com
Restart=always

[Install]
WantedBy=multi-user.target

After adding this to /etc/systemd/system as tunnel.service, you can simply do

sudo systemctl start tunnel
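
An added example, not from the original page: a hardened variant of the unit above together with the matching server-side restriction, so the unattended key can only hold the one loopback listener. The account name `tunnel`, the key path, the `/usr/bin/ssh` location and OpenSSH 7.8 or newer on the server (for `PermitListen`) are assumptions.

```ini
# /etc/systemd/system/tunnel.service on the machine that runs the service.
# Assumed for illustration: server account "tunnel", key file tunnel_ed25519.
[Unit]
Description=Reverse SSH tunnel for port 8096
Wants=network-online.target
After=network-online.target

[Service]
User=ubuntu
# BatchMode: fail instead of waiting at a password or passphrase prompt.
# ExitOnForwardFailure: exit if the server cannot set up the -R listener,
#   rather than staying connected with no tunnel behind it.
# ServerAlive*: exit after about 90 s without a reply so systemd restarts it.
# IdentitiesOnly + -i: offer only the dedicated tunnel key.
ExecStart=/usr/bin/ssh -N \
    -o BatchMode=yes \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    -o IdentitiesOnly=yes \
    -i /home/ubuntu/.ssh/tunnel_ed25519 \
    -R 8096:127.0.0.1:8096 \
    tunnel@subdomain.yourdomain.com
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

# Server side, appended to /etc/ssh/sshd_config (shown as comments because it
# is a different file; check with "sshd -t" before reloading sshd):
#
#   Match User tunnel
#       AllowTcpForwarding remote
#       PermitListen 8096
#       GatewayPorts no
#       PermitTTY no
#       X11Forwarding no
#       AllowAgentForwarding no
#       ForceCommand /bin/false
#
# AllowTcpForwarding remote: only -R forwards, no -L or -D through this account.
# PermitListen 8096 + GatewayPorts no: one listener, bound to loopback only.
# ForceCommand /bin/false: a stolen key gets no shell; -N never asks for one.
```

Because the listener stays on the server's loopback interface, the service is reachable from outside only through the reverse proxy set up in Step 2.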

Step 2 : Exposing on your domain

Once your service is available locally on your server, you can expose it using the reverse proxy setup guide.