fix formatting on old articles
parent
a1df2a48f3
commit
6f0c6a1f75
|
@ -10,9 +10,7 @@ However, what if you don't want to, *or can't*, directly open ports onto your ho
|
||||||
|
|
||||||
SSH remote port forwarding is built right into ssh itself, and is quite simple:
|
SSH remote port forwarding is built right into ssh itself, and is quite simple:
|
||||||
|
|
||||||
```
|
ssh -R 5505:localhost:4404 user@remote.host
|
||||||
ssh -R 5505:localhost:4404 user@remote.host
|
|
||||||
```
|
|
||||||
|
|
||||||
When this command is run on the local server, it will:
|
When this command is run on the local server, it will:
|
||||||
+ create an ssh connection to the remote server, as per usual
|
+ create an ssh connection to the remote server, as per usual
|
||||||
|
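Review bot: The `ssh -R 5505:localhost:4404 user@remote.host` example gives no bind address for the remote side, and the explanation that follows does not say which interface port 5505 listens on. With a default sshd configuration, a remote forward written this way listens on the remote host's loopback address only and becomes reachable from other machines only when `GatewayPorts` is enabled on that server. Saying so next to the command would tell readers why the forward can look broken from outside and what they expose when they change the setting.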
@ -39,14 +37,14 @@ Then, create a script for your ssh port forwarding. I placed mine directly in th
|
||||||
|
|
||||||
Here is my example of a script that you could use:
|
Here is my example of a script that you could use:
|
||||||
|
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
PORTS="8080 25565"
|
PORTS="8080 25565"
|
||||||
DEST="bridge@remote.host"
|
DEST="bridge@remote.host"
|
||||||
SSH_PORT="22"
|
SSH_PORT="22"
|
||||||
IDENTITY_FILE="~/.ssh"
|
IDENTITY_FILE="~/.ssh"
|
||||||
|
|
||||||
/usr/bin/ssh -nNT $(echo $PORTS | awk -v host=$LOCALHOST '{for (i = 1; i <= NF; i++){ printf "-R %d:%s:%d ",$i,host,$i}}') -p $SSH_PORT -i $IDENTITY_FILE $DEST
|
/usr/bin/ssh -nNT $(echo $PORTS | awk -v host=$LOCALHOST '{for (i = 1; i <= NF; i++){ printf "-R %d:%s:%d ",$i,host,$i}}') -p $SSH_PORT -i $IDENTITY_FILE $DEST
|
||||||
|
|
||||||
Next you'd want to run this script as a service. Check your distro's service system how to do this if you have any trouble.
|
Next you'd want to run this script as a service. Check your distro's service system how to do this if you have any trouble.
|
||||||
|
|
||||||
|
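Review bot: In the script, `awk -v host=$LOCALHOST` reads a variable that is not among the assignments shown (`PORTS`, `DEST`, `SSH_PORT`, `IDENTITY_FILE`). Unless it is set elsewhere, the generated options come out as `-R 8080::8080` with an empty host field. Suggest adding `LOCALHOST="localhost"` beside the other variables and quoting the expansions (`"$LOCALHOST"`, `"$IDENTITY_FILE"`, `"$DEST"`). Separately, `IDENTITY_FILE="~/.ssh"` names the directory rather than a private key file, so `-i` is given nothing usable; a placeholder path to a key file would be clearer for readers copying the script.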
@ -56,17 +54,17 @@ Say that the script you made was `/home/bridge/tunnel.sh`, you should create a u
|
||||||
|
|
||||||
To do this create the following file in `/home/bridge/.config/systemd/user/tunnel.service`:
|
To do this create the following file in `/home/bridge/.config/systemd/user/tunnel.service`:
|
||||||
|
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=SSH tunnel
|
Description=SSH tunnel
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/home/bridge/tunnel.sh
|
ExecStart=/home/bridge/tunnel.sh
|
||||||
RestartSec=5
|
RestartSec=5
|
||||||
Restart=always
|
Restart=always
|
||||||
KillMode=mixed
|
KillMode=mixed
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=default.target
|
WantedBy=default.target
|
||||||
|
|
||||||
Then enable and start the service with: `systemd --user enable tunnel.service` and `system --user start tunnel.service`. Ensure that it is running with `systemd --user status tunnel`
|
Then enable and start the service with: `systemd --user enable tunnel.service` and `system --user start tunnel.service`. Ensure that it is running with `systemd --user status tunnel`
|
||||||
|
|
||||||
|
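Review bot: The sentence after the unit file uses `systemd --user enable`, `system --user start` and `systemd --user status`, none of which works as written, because units are managed with `systemctl` and `system` is not a command. Suggest `systemctl --user enable tunnel.service`, `systemctl --user start tunnel.service` and `systemctl --user status tunnel`. Since this is a user unit with `WantedBy=default.target`, it would also help to state whether the tunnel is expected to stay up when the bridge user has no login session.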
@ -82,7 +80,7 @@ Say you forwarded traffic from port 8080 on remote to port 80 on local, you coul
|
||||||
|
|
||||||
Here is an example of this in practice, forwarding port 80 and 443, by forwarding ports 8080 and 8443:
|
Here is an example of this in practice, forwarding port 80 and 443, by forwarding ports 8080 and 8443:
|
||||||
|
|
||||||
/usr/bin/ssh -nT -R 8443:localhost:443 -R 8080:localhost:80 -i $IDENTITY_FILE -p $SSH_PORT $DEST "(sudo socat TCP-LISTEN:80,fork TCP:localhost:8080) & sudo socat TCP-LISTEN:443,fork TCP:localhost:8443"
|
/usr/bin/ssh -nT -R 8443:localhost:443 -R 8080:localhost:80 -i $IDENTITY_FILE -p $SSH_PORT $DEST "(sudo socat TCP-LISTEN:80,fork TCP:localhost:8080) & sudo socat TCP-LISTEN:443,fork TCP:localhost:8443"
|
||||||
|
|
||||||
However this command assumes that the remote user has access to sudo with **NO PASSWORD**. Alternatively you could create a similar service (this time as a system service) on the remote server running the socat commands.
|
However this command assumes that the remote user has access to sudo with **NO PASSWORD**. Alternatively you could create a similar service (this time as a system service) on the remote server running the socat commands.
|
||||||
|
|
||||||
|
|
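Review bot: The combined command runs `sudo socat TCP-LISTEN:80,fork TCP:localhost:8080` and its 443 counterpart through the tunnel login, so the account in `$DEST` needs passwordless sudo, and the text only says so after the command. As written, the key in `$IDENTITY_FILE` is then equivalent to root on the remote host. Suggest presenting the system-service alternative first, or stating that the sudo rule should be limited to these two socat command lines rather than granted generally.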