Permanent SSH tunnels

SSH Tunnels

I use this sometimes when I have a web service I want access to do development work with on some remote server, but I dont want to expose it to the internet.

ssh -L 9090:localhost:8080 some-server

Doing something like this will hit the remote server at port 8080:

curl localhost:9090

Dynamic Tunnels

This flag uses the SOCKS protocol, you can point firefox to it:

# Temporary Firefox session commands.
alias socks-proxy="ssh -D 50000 -N me@some-server"
alias firefox-proxy="firefox -P \"Proxy\""

Reverse Tunnels

Reverse SSH tunnels are really useful if you want access to a machine that is behind a firewall. Firewalls, like those found in consumer routers, don’t typically block outbound connections to certain ports. So that means you can used an established outgoing connection to funnel traffic/requests from outside in.

Here’s a plain SSH example:

ssh -R 8888:localhost:22 example.net

You can run the following command on the remote machine:

ssh -p 8888 localhost

Combined with autossh

You can combine this with autossh to have persistant ssh tunnels to hosts that are behind firewalls.

autossh -R 8888:localhost:22 example.net -M 0

Notes

• Use DNS if you can, just in case you need to change the addresses
• Might be possible to add your autossh script as a systemd service

References

• https://www.howtogeek.com/428413/what-is-reverse-ssh-tunneling-and-how-to-use-it/
• https://unix.stackexchange.com/questions/133863/permanent-background-ssh-connection-to-create-reverse-tunnel-what-is-correct-wa
• https://news.ycombinator.com/item?id=26623117
• https://linux.die.net/man/1/autossh