SSH Tunnels
SSH Tunnels serve as a powerful method for establishing connections between three entities that face restrictions or limitations in directly reaching one another. These tunnels are particularly useful in overcoming challenges related to the direction of connectivity or determining which entity is permitted to initiate a connection with another. This process involves forwarding network traffic from one host to another through an intermediary, thus overcoming some connectivity barriers.
JumpHost
I often use the ssh tunnel forwarding trick to call endpoints that are accessible from the JumpHost but not from my laptop.
Config Example
ssh -L [local_addr:]local_port:remote_addr:remote_port [user@]sshd_addr
## Examples
ssh -L 8443:destination:443 user@jumphost
ssh -L 2022:destination:22 user@jumphost
Reverse Proxy
The idea is to let an entity you can access reach, through your connection, a destination that it can't connect to directly.
The most common use case scenario I have seen in other articles is:
- Exposing a dev service to the public Internet for a demo.
Target (can be a web server somewhere in your company or on your own machine, for example)
Another use-case that I have needed for some time is:
- Exposing a public service to an internal server
My Case Step-by-Step Guide
There is a company server that does not have GitHub access, and this is where I store a great deal of code.
My personal working machine has access to GitHub. I can connect to the server from my machine, but I can’t connect to my machine from this server due to firewall blocking rules (which prevent me from just doing the jump host technique).
So I need to build a tunnel from my machine to the server to give access to something.
I need a reverse proxy connection in order to give the server access to GitHub.
- On Remote SERVER
Make sure to add the ssh keys to GitHub.
Permanently Load SSH key to the ssh-agent
nano ~/.bashrc
#### Add to the end of the file
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/github_private_key
- Adjust SSH Config File
nano ~/.ssh/config
Host localhost
    Hostname localhost
    Port 8088
    User git
- Set Origin
In your repository folder:
git remote set-url origin git@localhost:user/REPONAME.git
- Create the Tunnel (From your Local Machine)
ssh -R 8088:github.your_company.com:22 server
- Validate access
ssh -T git@localhost
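As an added example (not part of the original post), the shell function below parses the `[bind_addr:]port:host:hostport` specification used with `-L` above and with `-R` in this guide, and reports which interface the listener is requested on. The function name `forward_scope` and its result labels are made up for this example, and the last spec in the demo loop is constructed.

```shell
#!/bin/sh
# Added example: report which interface an ssh -L / -R forward asks to listen on.
# Handles the TCP form [bind_addr:]port:host:hostport; IPv6 literals in [brackets].
# GatewayPorts (ssh_config for -L, sshd_config for -R) can still change the
# effective bind, so the result describes what the command line requests.

forward_scope() {
    fs_rest=$1 fs_n=0 fs_f1= fs_f2= fs_field=
    while :; do
        case $fs_rest in
            \[*\]:*) fs_field=${fs_rest#\[}; fs_field=${fs_field%%\]*}
                     fs_rest=${fs_rest#*\]:} ;;
            *:*)     fs_field=${fs_rest%%:*}; fs_rest=${fs_rest#*:} ;;
            *)       fs_n=$((fs_n + 1)); break ;;   # last field (hostport)
        esac
        fs_n=$((fs_n + 1))
        if [ "$fs_n" -eq 1 ]; then fs_f1=$fs_field; fi
        if [ "$fs_n" -eq 2 ]; then fs_f2=$fs_field; fi
    done
    case $fs_n in
        3) fs_port=$fs_f1; fs_bind=__default__ ;;   # no bind_addr given
        4) fs_port=$fs_f2; fs_bind=$fs_f1 ;;
        *) echo invalid; return 1 ;;
    esac
    # The listening port must be a plain number.
    case $fs_port in ''|*[!0-9]*) echo invalid; return 1 ;; esac
    case $fs_bind in
        __default__)             echo loopback-default ;;
        ''|'*'|0.0.0.0|::)       echo all-interfaces ;;
        localhost|127.0.0.1|::1) echo loopback ;;
        *)                       echo "address:$fs_bind" ;;
    esac
}

# Specs from the commands on this page, plus one constructed spec that
# requests a listener on every interface.
for spec in 8443:destination:443 2022:destination:22 \
            8088:github.your_company.com:22 \
            '*:8088:github.your_company.com:22'; do
    printf '%-40s %s\n' "$spec" "$(forward_scope "$spec")"
done
```

The three specs used on this page omit the bind address, so each listener is requested on loopback only; an empty or `*` bind address is what asks for a listener reachable from other hosts.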
References
https://www.ssh.com/academy/ssh/tunneling-example
https://docs.github.com/en/authentication/connecting-to-github-with-ssh