Linux – Use server’s IP via SSH tunnel

linuxPROXYservicesshtunnel

Firslty my setup is an Ubuntu laptop and an Ubuntu server.

I have a program on my local laptop which needs to access a certain web-service, (lets call it http://someserver.com/someservice123). Now this service has a firewall which only allows access from my server's IP.

Is there some type of SSH tunnel I could use between my laptop and server so that when a python script on my laptop sends a request to http://someserver.com/someservice123 that service sees the request coming from my server's IP?

I know it would look something like:

ssh -N -R 80:localhost:80 user@myserver

but I'm not sure exactly.

Best Answer

What you want is not a reverse tunnel but a regular tunnel.

ssh -L 80:someserver.com:80 user@myserver

This will create a listening socket on port 80 of your laptop (localhost) that will go to someserver.com through the SSH server on myserver.

I usually combine tunnels with the options -CfN, -C will enable compression (speeds things up a bit), -f sends the SSH to the background once the authentication is complete (so you still have a chance to enter the password if needed), -N will make sure no command is executed on the SSH server (it's not really safe to have an SSH running in the background that could hypothetically be used send commands to the server, it's a bit of healthy paranoia/a good practice).

If you don't care about having a very secure connection between your laptop and myserver, you can also change the cipher to something fast, like blowfish using -c blowfish, or arcfour128 (which is faster still).

So what I would use is this:

ssh -CfNc arcfour128 -L 80:someserver.com:80 user@myserver

Which will give you nice, fast tunnel that goes straight into the background instead of leaving an open command prompt on your server.

Keep in mind that if you send it to the background, when you want to break the tunnel, you'll have to first find the process id by doing something like ps -ef | grep ssh and kill the correct process id.

Related Solutions

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

SSH – Bad Owner or Permissions on ~/.ssh/config

I needed to have rw for user only permissions on config. This fixed it.

chmod 600 ~/.ssh/config

As others have noted below, it could be the file owner. (upvote them!)

chown $USER ~/.ssh/config

If your whole folder has invalid permissions here's a table of possible permissions:

Path	Permission
.ssh directory (code)	0700 (drwx------)
private keys (ex: `id_rsa`) (code)	0600 (-rw-------)
`config`	0600 (-rw-------)
public keys (*.pub ex: `id_rsa.pub`)	0644 (-rw-r--r--)
`authorized_keys` (code)	0644 (-rw-r--r--)
`known_hosts`	0644 (-rw-r--r--)

Sources:

openssh check-perm.c
openssh readconf.c
openssh ssh_user_config fix_authorized_keys_perms

Best Answer

Related Solutions

Ssh – How to automate SSH login with password

SSH – Bad Owner or Permissions on ~/.ssh/config

Related Topic