Simple SSH Tunnel Guide - Part 3
The Local Workstation
This is the final part of a 3-part guide to creating a simple SSH tunnel connection. This section covers the SSH configuration required on a local workstation in order to connect to a remote service via a gateway server on AWS.
Please Note: This post is purely for interest's sake. I highly recommend you do not do this at your organisation as you may quickly find yourself on the wrong end of a workplace agreement violation.
Configuring Local SSH
As mentioned in the Overview section of this guide, this assumes that the local workstation runs Mac OS X. The details here, however, will work across a number of different platforms, including Linux and Windows and any platform that supports openssh (such as (Cygwin)[https://www.cygwin.com/] and (msysGit)[https://msysgit.github.io/]).
Step 1 - Local SSH Tunnel Config
Ensure that the AWS gateway key file, created in Part 1 of this guide, still sits in the
/tmp/tunnelfolder of your workstation.Create a new script called
/tmp/tunnel/local-side-tunnel.shwith the following contents:#!/bin/bash set -e TUNNEL_GATEWAY="54.66.197.58" TUNNEL_KEY="/tmp/tunnel/tunnel-key-1.pem" CONNECT_STR="simplehttp_home" LOCAL_PORT=5678 GATEWAY_PORT=1234 ssh -p 443 -L $LOCAL_PORT:localhost:$GATEWAY_PORT -i $TUNNEL_KEY -l root $TUNNEL_GATEWAY ./chatty.sh $CONNECT_STRRun the script using the following command:
sh /tmp/tunnel/local-side-tunnel.shIf successful, the
chatty.shscript on the gateway will begin generating output which will look something like this:
Step 2 - The Final Test
Ensure that the
simple-http.shscript from Part 2, Step 2 is still running and accepting requests on the remote server.Ensure that the
remote-side-tunnel.shscript from Part 2, Step 3 is still running on the remote server and generating output from thechatty.shscript.Ensure that the
local-side-tunnel.shscript from Step 1 above is still running and generating output from thechatty.shscript.In a new terminal on the local workstation, test the tunnel by running the following:
curl http://localhost:5678/If all goes well, the request to port
5678will be forwarded to the gateway and then forwarded on to the remote server on port8000to be served by thesimple-http.shscript, sending the response back through the tunnel to port5678on the local machine:
Conclusion
This guide demonstrated a very simple tunnel example, however this method could be modified to support the tunneling of any service, or multiple services, from the remote server back through to your local workstation. And when used in combination with other traffic routing applications, such as rinetd, the options for tunneling services from within the remote network to your local workstation are endless.