
What Would Hop Do - SSH Tunneling

Sometimes a security-conscious client is unable to give us direct access to their production server and instead we need to connect through an intermediary gateway server. It’s a reasonable request, but it can be a bit annoying when it comes to debugging - especially during the initial development phase. But fear not! There is a faintly glowing light at the end of this tunnel!

In this WWHD, one of our clients does exactly this, granting us a connection to the production server through their gateway server. The production server forbids access from all IPs unless whitelisted, so we’re going to use an SSH tunneling technique to gain SFTP access to the production server. It is magical!

This is the command we’ll be running to achieve our goal:

ssh -N -t -x -L 45454:destination.server.ca:22 hopstudios@gateway.server.ca

After hitting enter, you’ll be asked to enter your password. Once you enter it, nothing will appear to happen and you will be sitting on an empty terminal with no cursor or feedback - but the tunnel will be opened.

At this point, you can set up your SFTP client to connect through the tunnel. Enter your username and password like normal, but substitute localhost for the server, and 45454 for the port.

Now, let’s break down what this command is actually doing!

  • ssh We know this one. We’re utilizing the secure shell protocol to access a remote system.

  • -N Open the connection, but do not execute a remote command. This is useful when you’re just forwarding ports, like we’re doing in this case.

  • -t Force pseudo-terminal allocation. This can be used to run interactive command-line programs on the remote machine. Since -N means no remote command is executed, the tunnel itself does not depend on it.

  • -x Disables X11 forwarding. We’re simply opening a tunnel, so we’re not going to need any sort of response – GUI or otherwise.

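  • -L Specifies that connections to the given TCP port on the local (client) host (left side) are to be forwarded to the given host and port on the remote side (right side). The gateway makes the onward connection, so the destination sees it arriving from the gateway rather than from your machine.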

  • 45454 is the port number that will open on your local computer. We’re using 45454 as this port is not usually used (avoid 3306 or any other port number that is commonly used for other purposes).

  • destination.server.ca is the destination host you want to connect to.

  • :22 is the port number opened for SSH/SFTP connections on the host that you want to connect to. 22 is standard.

  • hopstudios is the SSH user you’ve previously set up for the relay gateway server.

  • gateway.server.ca is the relay gateway server

When you’re finished and want to close the tunnel, stop your SFTP client, and then in the terminal where the tunnel is running, hit Ctrl+C to terminate the ssh connection.
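As an added example (not part of the original post), here is the same tunnel as a small script that binds the local port to loopback only, fails if the port cannot be forwarded, and closes the tunnel through a control socket instead of Ctrl+C. The REMOTE_USER account name and the control-socket path are assumptions; the host names, gateway user and ports are the ones used above.

```shell
#!/bin/sh
# Added example, not the post's own code. Hosts, gateway user and ports are the
# post's; REMOTE_USER and the control-socket path are assumptions.
GATEWAY="hopstudios@gateway.server.ca"
DEST="destination.server.ca"
LPORT=45454
REMOTE_USER="produser"                     # assumed account on the destination
CTL="${TMPDIR:-/tmp}/tunnel-$LPORT.ctl"    # assumed control-socket path

# Accept only a numeric, unprivileged local port.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Build the -L argument. The explicit 127.0.0.1 bind keeps the forwarded port
# off every network interface except loopback.
forward_spec() {
    valid_port "$LPORT" || { echo "refusing local port '$LPORT'" >&2; return 1; }
    printf '127.0.0.1:%s:%s:22\n' "$LPORT" "$DEST"
}

# -f backgrounds ssh once authenticated; ExitOnForwardFailure makes it exit
# instead if the local port cannot be bound. -M/-S create a control socket so
# the tunnel can be closed later. -t is left out: with -N there is no remote
# command that needs a terminal.
open_tunnel() {
    spec=$(forward_spec) || return 1
    ssh -f -N -x -M -S "$CTL" -o ExitOnForwardFailure=yes -L "$spec" "$GATEWAY"
}

# Ask the backgrounded ssh process to exit, which closes the tunnel.
close_tunnel() { ssh -S "$CTL" -O exit "$GATEWAY"; }

# Run with "run" as the first argument to open the tunnel, start sftp, and
# close the tunnel when sftp exits.
if [ "${1:-}" = "run" ]; then
    open_tunnel || exit 1
    trap close_tunnel EXIT
    # HostKeyAlias records and checks the destination's host key under its real
    # name rather than under the local forwarding address.
    sftp -P "$LPORT" -o HostKeyAlias="$DEST" "$REMOTE_USER@127.0.0.1"
fi
```

Without HostKeyAlias, the client would store the production server's host key under the local address and port, so a different server later forwarded on the same port would trigger a host-key mismatch.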

This tip is a little bit niche, but hopefully if you’re reading this, you’ve found it useful. As always, please comment below if you have any suggestions or improvements!
