SSH Tunnels – How to Create an HTTPS SSH Tunnel on Linux

httpslinuxsshssh-tunnel

Ok so I have a web server, lets call it Server A, which is providing a service via HTTPS. And I have an SSH gateway server, lets call it Server B.

Due to firewall rules I cannot access Server A's web service from my desktop linux computer. Therefore to view the web service I must SSH with X Forwarding to Server B and run firefox over the SSH tunnel. Server B can access Server A's web service and so it works.

I'm wondering if it would be possible to create an SSH tunnel between my PC and Server B which would allow me to access the service on Server A using my desktop web browser rather than running firefox over the SSH tunnel.

Best Answer

Yes, it is possible:

ssh -L 8443:serverA:443 -Nf [user@]<serverB>

This will let you point your desktop browser at port 8443 and send it to port 443 (the HTTPS port) on your server A. The -Nf will background the session and exit immediately back to your desktop, not establishing an actual shell session to server B.

Related Solutions

SSH Tunnel – How to Configure a Shortcut for SSH Connection

As a more concrete version of Kyle's answer, what you want to put in your ~/.ssh/config file is:

host foo
  User webby
  ProxyCommand ssh a nc -w 3 %h %p

host a
  User johndoe

Then, when you run "ssh foo", SSH will attempt to SSH to johndoe@a, run netcat (nc), then perform an SSH to webby@foo through this tunnel. Magic!

Of course, in order to do this, netcat needs to be installed on the gateway server; this package is available for every major distribution and OS.

Ssh – How to assign a hostname to SSH tunnel

What you describe is not possible. But there's still good news:

What is possible however is to establis a Dynamic connection with the SSH Server. This will open a port on your local computer to which you can point the Proxy setting of your Browser and allow you to use the tunnel as a proxy server. But you have to type a hostname/ip and port into the browser as if the browser were running on the machine the SSH Server is on.

Command looks like this: ssh user@server.example.com -D 1234
Then point your browser's proxy to localhost:1234.

So if you tunnel into Server A, and want to connect to server B, you type into your browser whatever address you would type into a Browser running on Server A. If a browser running on server A could not connect to Server B (if the process on Server B only listens on 127.0.0.1) then you still couldn't connect. It sounds like you just have the one server, but I wanted to be sure this was clear.

If you just have the one server, you tunnel into it with the Dynamic connection, set your proxy. You will then be able to type "localhost:1234" (for example) into the browser and it will connect to the service running on the remote server on port 1234.

Securit Side Note: Never never never setup a server where root can SSH in! Serious security flaw. Create a normal user account (who is allow to su or sudo) and SSH in as that user.

Best Answer

Related Solutions

SSH Tunnel – How to Configure a Shortcut for SSH Connection

Ssh – How to assign a hostname to SSH tunnel

Related Topic