/ ssh

Accessing your server application with SSH Port Forwarding

We've already discussed connecting to your server via SSH which is great for accessing your server's terminal. But how will you, for example, connect to your web application via a browser?

This is best explained with an example. Say we have built an apache web server on Ubuntu in Ronin, and the machine address is webserver.ronin.cloud

Screenshot-20180329145400-1087x961

One way is to create a Windows machine in Ronin, connect to it via RDP, open a web browser and navigate to your server's address (e.g. webserver.ronin.cloud)

This will only work with machines within your project however, as all machines are contained by a project subnet.

Perhaps you want to connect to it via your local PC instead? You won't be able to access it quite the same way, as your PC is not a part of the projects subnet, and only port 22 is open on the webserver. So, how will we connect?

Port forwarding with SSH to the rescue!

Quick Start - for those wearing knitted cardigans.

Local Port Forward
ssh -i ".ssh/your-key.pem" -L 80:localhost:80 ubuntu@webserver.ronin.cloud

Port forwarding without shell, add -nNT flags

Detailed Guide - for normal humans

What is SSH Port Forwarding (or Tunnelling)

Port forwarding via SSH (SSH tunneling) creates a secure connection between a local computer and a remote machine through which services can be relayed. Because the connection is encrypted, SSH tunneling is useful for transmitting information that uses an unencrypted protocol, such as a service using an unencrypted protocol (e.g a webserver using the HTTP protocol on port 80)

We won't discuss other types of port forwarding in this article other than local port forwarding. More information on what else SSH can do, type man ssh into a terminal

Here's a diagram to explain it better.

Local Port Forwarding

Screenshot-20180404100107-1209x347

Lets break it down.

We start with your PC requesting your web server at port 80 (as an example, can be any port number you choose)

Your SSH Command will forward any requests of port 80 through the SSH tunnel. This is changed to an SSH request, port 22. It will assign your key to the encryption for security.

As the firewall is open on port 22, it will let the request through (provided you gave the right key) to the Ronin server.

At the end of the tunnel is your Ronin server and the request will be changed to what the application is expecting. In this case, a web server receives requests on port 80, but this could be a database, a web service, etc.

...and you're securely connected!

What's the point of all this?

With this example, there was no point in time where the request was unencrypted while being transmitted over the internet. This means a secure handshake between the two computers, invisible to any third party, secured by your private key.

It also means that there's only one way which a machine can be accessed by. Requests that don't go through SSH are blocked by a firewall before it can reach a server. When it comes to security, the less ways in, the more secure it is.

Got your shovel handy? Lets get to tunnelling!

Lets get started

This is the command we'll use to create a secure tunnel

ssh -i ".ssh/your-key.pem" -L 80:localhost:80 ubuntu@webserver.ronin.cloud

Again, another diagram for a clearer explanation

Screenshot-20180404100121-1261x542

Lets break down the command

ssh - The protocol we're using.
-i "your-key.pem" - The key you use to secure the tunnel.
-L - The flag which makes it a local port forward.
80 - The port you want to forward from your local machine. This can be any number you want within the range 1-65535, however its recommended you use one within the range of 1024-49151 so as not to conflict with regularly used ports.
localhost:80 - In this example, webserver.ronin.cloud has an apache server installed which responds at localhost, and the port for HTTP is port 80
ubuntu@webserver.ronin.cloud - Our example webserver

After running this command, I can now go to http://localhost in a web browser and I will see a welcome screen for apache in this example

Screenshot-20180330120648-1011x739

Whew. That's a tricky concept!

If you are still having difficulty, or need something explained further, let us know in the comments below!

SUBSCRIBE