💾 Archived View for bulletpr00f.host › gemlog › posts › 2021-01-24.gmi captured on 2024-09-29 at 00:07:38. Gemini links have been rewritten to link to archived content


SSH TUNNELING

it's basically tcp legos

ssh tunneling is great. It's the best thing. Greater than sliced bread? Yes. Greater than love? Perhaps: tunnels die and are easily re-established, and it can be done automatically and relatively painlessly.

Let's assume you have two computers, "homebox" and "cloudbox".

Say you want a port on cloudbox to be available on homebox. This could be anything, but let's say it's a web server. But it's a dev/test environment and you don't want the world at large to see it.

So you need cloudbox:80 to be accessible on homebox but not from the real internet. You could whitelist your own IP in the firewall, but that gets annoying if your home connection has a DHCP WAN address, or if homebox is a laptop and home is wherever you happen to be at the moment.

With ssh tunnels it's easy. Configure the web server to listen on localhost, then run:

ssh -L 8080:localhost:80 user@cloudbox

Now you're ssh'd into your cloudbox, and you can edit your files with your preferred text editor and visit http://localhost:8080 on homebox, and it will magically connect to port 80 on cloudbox.

Port 8080 on homebox's loopback device is forwarded to port 80 on cloudbox's loopback device. As far as cloudbox is concerned, the connection arrives via localhost. Only ssh is using your actual network interface.

    +---------------+             +------------+
    |  Homebox      |             |  cloudbox  |
    |               |             |            |
+-----* port 8080   |        +---->* port 80   |
|   +---------------+        |    +------------+
|                            |
+----------------------------+

This means your ssh is also effectively acting as authentication for the web server, which is handy.
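
The setup above only stays private while the web server on cloudbox is bound to localhost and the forwarded port on homebox is bound to loopback. This added example (not from the original post) checks both from `ss -tln` output; the helper name `exposed_listeners` and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a TCP port is listening on loopback only.
# Input on stdin: output of `ss -tln` (columns: State Recv-Q Send-Q Local Peer).
# exposed_listeners is a hypothetical helper name, not part of ssh or ss.

# Print every listener on PORT that is NOT bound to 127.0.0.0/8 or ::1.
# Exit status 0 = loopback only (or not listening), 1 = exposed somewhere.
exposed_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }              # skips the header line too
        {
            n = split($4, parts, ":")        # port is the last ":" field
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print $4; bad = 1
        }
        END { exit bad + 0 }'
}

# Constructed sample: cloudbox set up as the post describes (web server on localhost).
CLOUDBOX_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    127.0.0.1:80       0.0.0.0:*'

# Constructed sample: web server left on all interfaces, so the tunnel hides nothing.
CLOUDBOX_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      511    [::]:80            [::]:*'

# Constructed sample: homebox while `ssh -L 8080:localhost:80 user@cloudbox` is up.
HOMEBOX_TUNNEL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*
LISTEN 0      128    [::1]:8080         [::]:*'

for item in CLOUDBOX_OK:80 CLOUDBOX_EXPOSED:80 HOMEBOX_TUNNEL:8080; do
    name=${item%%:*}; port=${item##*:}
    eval "listing=\$$name"
    if found=$(printf '%s\n' "$listing" | exposed_listeners "$port"); then
        echo "$name port $port: loopback only"
    else
        echo "$name port $port: EXPOSED on" $found
    fi
done
```

On a live system, pipe the real listing in: `ss -tln | exposed_listeners 80` on cloudbox and `ss -tln | exposed_listeners 8080` on homebox.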