SSH Proxy
SSH Proxy Tunnel
Set up an SSH tunnel through a proxy server that acts as an intermediary between a local computer and a remote server hosting an otherwise inaccessible resource or service.
Setup
Host Type | IP Address | Description |
---|---|---|
Public | 192.168.0.83 | Public IP address of the local service |
Public | 159.223.0.93 | Public IP address of the remote server |
SSH Proxy Tunnel Example
Send the remote service over the SSH port via a tunnel.
Confirm listening ports
Local
The local host is not listening for any services, so the command will not return anything.
Proxy
Proxy server running SSH on port 22.
> netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
Remote
Remote server running a web server on port 80 and SSH on port 22.
> netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
From the local server, run the following to establish an SSH proxy tunnel:
ssh -N -L localhost:8888:192.168.0.83:80 root@192.168.0.93
- -N is a flag to just forward ports and not execute remote commands
- -L forwards local connections to the remote side
- localhost is the host on the local machine that will bind to the remote service
- 8888 is the port that the local machine will listen on
- 192.168.0.83 is the public IP address of the remote service
- 80 is the port of the remote service
- root is the SSH user of the remote server
- 192.168.0.93 is the public IP address of the proxy server
Local
Once the SSH tunnel is established, the service at 192.168.0.83:80 will be accessible on the local machine at localhost:8888 via the proxy server at 192.168.0.93.
> netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:8888 0.0.0.0:* LISTEN
tcp6 0 0 ::1:8888 :::* LISTEN
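The output above shows the forward bound only to loopback. If the bind address were a wildcard instead (for example when `-L` is given a bind address of 0.0.0.0, or ssh's `-g` option is used), other hosts on the network could reach the remote service through the tunnel. The following check is an added example, not part of the original post; the function name `classify_forward_bind` and the wildcard sample are constructed for illustration.

```shell
# Added example: classify where a forwarded port is listening.
# Reads `netstat -ntl` output on stdin and prints one of:
#   loopback - the port listens only on 127.0.0.1 / ::1
#   exposed  - the port listens on some other address (e.g. 0.0.0.0 or ::)
#   absent   - nothing is listening on the port
classify_forward_bind() {
    port="$1"
    awk -v port="$port" '
        $NF == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            # Strip the trailing ":port" to recover the bind address,
            # which also works for IPv6 forms such as ::1:8888 and :::8888.
            host = substr(addr, 1, length(addr) - length(port) - 1)
            seen = 1
            if (host != "127.0.0.1" && host != "::1") exposed = 1
        }
        END {
            if (!seen) print "absent"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# Listener lines as shown on this page after the tunnel is up.
PAGE_SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:8888 0.0.0.0:* LISTEN
tcp6 0 0 ::1:8888 :::* LISTEN'

# Constructed sample: the same port bound to every interface.
WILDCARD_SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN
tcp6 0 0 :::8888 :::* LISTEN'

printf '%s\n' "$PAGE_SAMPLE"     | classify_forward_bind 8888
printf '%s\n' "$WILDCARD_SAMPLE" | classify_forward_bind 8888

# On a live host: netstat -ntl | classify_forward_bind 8888
```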
Shorthand
Without -N, remote command execution or a pseudo terminal will be allocated for this connection.
ssh -L 8888:192.168.0.83:80 root@192.168.0.93
Change the port number for other services.
- You don’t need to include localhost for the local machine because that is the default
- The default SSH port is 22, so you don’t need to specify that either
- The -N flag is optional. Functionality will be the same whether or not you include it
Summary
An SSH proxy tunnel is a great way to access, from another computer, a service running on port 80 behind a firewall.