

Lab 1: Using SSH Tunnels for Local Port Forwarding 👨🔬

The lab reproduces the setup from the diagram above. First, we need to prepare the server - a machine with the SSH daemon and a simple web service listening on 127.0.0.1:80:

$ docker buildx build -t server:latest -> /root/.ssh/authorized_keys

sed -i '/AllowTcpForwarding/d' /etc/ssh/sshd_config
sed -i '/PermitOpen/d' /etc/ssh/sshd_config

Remote Port Forwarding from a Home/Private Network

Much like local port forwarding, remote port forwarding has its own bastion host mode.

- Accessing a database (MySQL, Postgres, Redis, etc) using a fancy UI tool from your laptop.
- Using your browser to access a web application exposed only to a private network.
- Accessing a container's port from your laptop without publishing it on the server's public interface.

All of the above use cases can be solved with a single ssh command:

ssh -L local_port:remote_addr:remote_port

The -L flag indicates we're starting a local port forwarding.

- On your machine, the SSH client will start listening on local_port (likely, on localhost, but it depends - check the GatewayPorts setting).
- Any traffic to this port will be forwarded to the remote_private_addr:remote_port on the machine you SSH-ed to.
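Whether the server accepts a forwarding request depends on its AllowTcpForwarding, PermitOpen and GatewayPorts directives, all of which are named on this page. The following is an added example, not code from the original post: it reports the effective global value of each directive in an sshd_config, relying on sshd using the first value it reads for a keyword and on a Match block ending the global section. The function names and the sample config are constructed for illustration, and Include files and Match evaluation are not handled.

```shell
#!/bin/sh
# Added example: effective global value of an sshd_config keyword.
# Assumptions: no Include handling; Match blocks are not evaluated.

# effective_sshd_option KEYWORD DEFAULT CONFIG_TEXT
effective_sshd_option() {
    printf '%s\n' "$3" | awk -v want="$1" -v def="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }              # comment line
        NF == 0    { next }              # blank line
        tolower($1) == "match" { exit }  # global section ends at first Match
        !found && tolower($1) == want {  # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, "")  # keep only the argument(s)
            val = $0; found = 1          # first value wins, later ones ignored
        }
        END { print (found ? val : def) }
    '
}

# forwarding_report CONFIG_TEXT: the three forwarding controls with
# their documented defaults (yes / no / any).
forwarding_report() {
    for pair in AllowTcpForwarding:yes GatewayPorts:no PermitOpen:any; do
        printf '%s=%s\n' "${pair%%:*}" \
            "$(effective_sshd_option "${pair%%:*}" "${pair#*:}" "$1")"
    done
}

# Constructed sample config (not from the original post).
SAMPLE_SSHD_CONFIG='Port 22
AllowTcpForwarding no
PermitOpen 127.0.0.1:80
# appended later, but ignored because the first value already won:
allowtcpforwarding yes
Match User deploy
    GatewayPorts yes'

forwarding_report "$SAMPLE_SSHD_CONFIG"
```

On a live host, `sshd -T` prints the configuration the daemon will actually use.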

That's why I ended up using just a single Vagrant VM with Docker on it. In theory, any Linux box with Docker Engine on it should do. However, running the below examples as-is with Docker Desktop won't be possible because the ability to access the machines containers by their IPs is assumed.

Alternatively, the labs can be done with Lima (QEMU + nerdctl + containerd + BuildKit), but don't forget to limactl shell bash first.

Every example requires a valid passphrase-less key pair on the host that is then mounted into the containers to simplify access management. If you don't have one, generating it is as simple as just ssh-keygen on the host.

Important: SSH daemons in the containers here are solely for educational purposes - containers in this post are meant to represent full-blown "machines" with SSH clients and servers on them. Beware that it's rarely a good idea to have SSH stuff in real-world containers!

Local Port Forwarding

Starting from the one that I use the most. Oftentimes, there might be a service listening on localhost or a private interface of a machine that I can only SSH to via its public IP. And I desperately need to access this port from the outside.

SSH Tunnels are about connecting hosts over the network, so every lab below expectedly involves multiple "machines". However, I'm too lazy to spin up full-blown instances, especially when containers can be used instead.
TL;DR: SSH Port Forwarding as a printable cheat sheet.

SSH is yet another example of an ancient technology that is still in wide use today. It may very well be that learning a couple of SSH tricks is more profitable in the long run than mastering a dozen Cloud Native tools destined to become deprecated next quarter.

One of my favorite parts of this technology is SSH Tunnels. With nothing but standard tools and often using just a single command, you can achieve the following:

- Access internal VPC endpoints through a public-facing EC2 instance.
- Open a port from the localhost of a development VM in the host's browser.
- Expose any local server from a home/private network to the outside world.

But despite the fact that I use SSH Tunnels daily, it always takes me a while to figure out the right command. Should it be a Local or a Remote tunnel? What are the flags? Is it a local_port:remote_port or the other way around? So, I decided to finally wrap my head around it, and it resulted in a series of labs and a visual cheat sheet 🙈
