SSH Tunneling : Remote Forwarding
Accessing an internal server (one with no public address) through a public server or local system is known as SSH tunnelling with remote forwarding: the internal machine opens an outbound SSH connection to the public host and asks it to listen on a port that is forwarded back to the internal machine.
Some configuration needs to be changed on both the server and the client side.
On the server side (Internal VM):
1. Change these variables in the file /etc/ssh/sshd_config:
AllowTcpForwarding remote
GatewayPorts yes
2. Save it and run this command to restart your SSH service:
sudo systemctl restart ssh
3. Run this command to create the SSH tunnel:
nohup ssh -nNv -R 8002:localhost:22 admin@abc.com &
Command breakdown:
nohup, &: run this process in the background and keep it alive after the shell exits
ssh: secure shell
-nN: do not allocate a tty (terminal) and do not run a remote command; only do the port forwarding
-v: verbose (detailed output)
-R: specifies that the given port on the remote server host is to be forwarded to the given host and port on the local side
8002: port on the client side (the Azure VM) on which the forwarded SSH connection will be accepted
22: server-side port (the internal VM's SSH daemon)
admin@abc.com: Azure VM USERNAME@HOST-DNS
On the client side (Azure VM):
1. Change these variables in the file /etc/ssh/sshd_config:
AllowAgentForwarding yes
AllowTcpForwarding yes
AllowStreamLocalForwarding yes
GatewayPorts yes
X11Forwarding yes
2. Save it and run this command to restart the SSH service:
sudo systemctl restart ssh
3. Open a terminal and type (ssh takes the port with -p; the host:port form is not accepted):
ssh -p 8002 server_username@localhost
It will prompt you for a password; enter the server VM's password and you are connected through the tunnel.
Security constraint:
Port 22 needs to be open publicly on your Azure VM so that the internal VM can establish a connection to it, and opening ports 22 and 3389 publicly is not recommended, as this makes our Azure VMs more vulnerable to attack. I tried restricting port access to only the internal VM's public IP, but that didn't work because the internal VM runs behind a VPN (proxy network) that is unknown to the Azure public cloud, so it fails.
Limitation & workaround:
Through this process you will only be able to connect to the terminal (SSH). If you want to reach other services, such as a frontend and backend running on some port, you need to open another tunnel, for example:
nohup ssh -nNv -R 8010:localhost:8000 dtdevops@dt-devops.westeurope.cloudapp.azure.com &
8000: server port
8010: Azure VM port
Now you will be able to access port 8000 of your server on your Azure VM (port 8010):
https://internal-vm-host-ip:8000 = https://abc.com:8010
In this way you can create any number ("n") of tunnels.
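As an added example (not part of the original post), here is a POSIX shell helper for the setup above: it reads the effective value of an sshd_config keyword, reports where sshd will actually bind a -R listener, and builds one ssh command that carries several -R forwards at once, so "n" tunnels need "n" -R options rather than "n" background processes. The bind check encodes a caveat worth knowing: with GatewayPorts yes, sshd binds every remote-forward listener to the wildcard address regardless of what the client asked for, so port 8002 (or 8010) on the Azure VM is reachable from any host the network security group lets through; GatewayPorts clientspecified (or the default, no) together with an explicit 127.0.0.1 bind keeps the listener local to the Azure VM. ExitOnForwardFailure and ServerAliveInterval/ServerAliveCountMax are standard ssh client options; admin@abc.com is the post's own placeholder login, and the config path is whatever the caller passes in.

```shell
#!/bin/sh
# Added example (not from the original post): helpers for the remote
# forwarding setup described above.
#   sshd_option        - effective value of a keyword in an sshd_config file
#   effective_bind     - where sshd binds a -R listener, given GatewayPorts
#   reverse_tunnel_cmd - build one ssh command carrying several -R forwards
# Assumed: admin@abc.com is the post's placeholder login; the sshd_config
# path is supplied by the caller.

# Print the effective value of an sshd_config keyword. sshd uses the FIRST
# occurrence of a keyword, so stop at the first match; a "Match" block starts
# conditional settings, so stop there as well (kept simple on purpose).
sshd_option() {
    # $1 = path to sshd_config, $2 = keyword (case-insensitive)
    awk -v key="$2" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Return 0 when the keyword has the expected value, 1 otherwise.
sshd_option_is() {
    # $1 = config file, $2 = keyword, $3 = expected value
    [ "$(sshd_option "$1" "$2")" = "$3" ]
}

# Where sshd binds a remote-forward (-R) listener, from the server's
# GatewayPorts value ($1) and the bind address the client put in -R ($2,
# empty when "-R port:host:hostport" is used without an address):
#   yes              -> wildcard, whatever the client asked for
#   clientspecified  -> honours the client's address
#   no (default)     -> loopback only
effective_bind() {
    case "$1" in
        yes) echo wildcard ;;
        clientspecified)
            case "$2" in
                '*'|0.0.0.0|::)              echo wildcard ;;
                ''|localhost|127.0.0.1|::1)  echo loopback ;;
                *)                           echo "$2" ;;
            esac ;;
        *) echo loopback ;;
    esac
}

# Build a single ssh command with one -R per forward, each bound explicitly
# to 127.0.0.1 on the public VM. ExitOnForwardFailure makes ssh exit instead
# of silently continuing when a remote port is already taken; the
# ServerAlive options drop a dead tunnel so a supervisor can restart it.
reverse_tunnel_cmd() {
    # $1 = user@public-host; further args = REMOTE_PORT:LOCAL_PORT pairs
    target=$1; shift
    cmd="ssh -nN -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3"
    for pair in "$@"; do
        rport=${pair%%:*}
        lport=${pair#*:}
        cmd="$cmd -R 127.0.0.1:$rport:localhost:$lport"
    done
    printf '%s %s\n' "$cmd" "$target"
}

# Usage:  sh tunnel_helpers.sh check /etc/ssh/sshd_config
#         sh tunnel_helpers.sh cmd admin@abc.com 8002:22 8010:8000
case "${1:-}" in
    check)
        cfg=$2
        for kw in AllowTcpForwarding GatewayPorts; do
            printf '%-20s %s\n' "$kw" "$(sshd_option "$cfg" "$kw")"
        done
        if sshd_option_is "$cfg" GatewayPorts yes; then
            echo "warning: GatewayPorts yes binds every -R listener to all interfaces"
        fi
        ;;
    cmd)
        shift
        reverse_tunnel_cmd "$@"
        ;;
esac
```

Run the `check` mode on the Azure VM after editing sshd_config and before restarting sshd; run the `cmd` mode on the internal VM and wrap its output in nohup/& as in the post, or hand it to a process supervisor, since ExitOnForwardFailure makes the process exit rather than linger when the remote port cannot be bound.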