Unlocking Secure Access: Connecting to Your Privately Hosted Resources with SSH and SSH Tunneling

Introduction

In today's interconnected world, accessing privately hosted resources securely is paramount for businesses and individuals alike. Fortunately, with the power of SSH (Secure Shell) and SSH tunneling, you can establish secure connections to your private resources with ease. In this article, we'll explore how SSH and SSH tunneling can be utilized to access your privately hosted resources securely.

Understanding SSH

SSH, or Secure Shell, is a cryptographic network protocol that provides secure communication between two computers over an unsecured network. It encrypts data during transmission, ensuring confidentiality and integrity. SSH can authenticate users with cryptographic keys, offering a more secure alternative to traditional password-based authentication.

Connecting to your remote resources using SSH:

To connect to your remote resources using SSH, follow these steps:

  1. Generate SSH Key Pair: First, generate an SSH key pair on your local machine using the ssh-keygen command. This will create a public key and a private key. Keep your private key secure and never share it with anyone.

  2. Add Public Key to Server: Next, copy the public key to your server's ~/.ssh/authorized_keys file. This authorizes your local machine to connect to the server securely using SSH key-based authentication.

  3. Connect to Server: Now, you can connect to your server securely using SSH. Use the ssh command followed by the username and IP address or domain name of your server. For example:

ssh username@server_ip

Connecting to your private resources using SSH and a bastion host:

  1. Open SSH Config File: If the SSH config file doesn't exist, create it in your home directory (~/.ssh/config). Otherwise, open it in a text editor.

  2. Configure Bastion Host Entry: Add an entry for the bastion host in the SSH config file. This entry specifies the host, user, and identity file (if needed) for connecting to the bastion host. For example:

     Host bastion
         HostName bastion.example.com
         User bastion_user
         IdentityFile ~/.ssh/bastion_key.pem
    
  3. Configure Private Resource Entry: Add an entry for the private resource you want to connect to, specifying the bastion host as the proxy jump point. This entry includes the host, user, hostname, and ProxyJump option pointing to the bastion host. For example:

     Host private_resource
         HostName private_resource.example.com
         User resource_user
         ProxyJump bastion
    

    ProxyJump: Specifies the bastion host to use as a jump point to reach the private resource.

    To connect to the private resource, simply run:

     ssh private_resource
    

    SSH will establish a connection to the bastion host first, and then from there, it will connect to the private resource using the specified user and hostname.

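  4. Configure Private Resource Entry with Dynamic Value: To supply the target address at connection time instead of hard-coding it, add an entry for the private resource that uses the %h token for HostName. %h expands to the host name given on the command line, and the actual address can be passed with -o, for instance from a shell command substitution. For example: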

     Host private_resource
         HostName %h
         User resource_user
         ProxyJump bastion
    

    To connect to the private resource, simply run:

     ssh private_resource -o "HostName=<server_ip>"
    

    SSH will establish a connection to the bastion host first, and then from there, it will connect to the server using the specified user and hostname.
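
To check the bastion entries above before connecting, this added example (not from the original article) writes them to a scratch file and resolves them with `ssh -G`, which prints the effective client configuration without opening a connection. The helper names `write_demo_config` and `resolved` and the address 203.0.113.10 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: write the article's bastion/ProxyJump entries to a scratch
# file and ask OpenSSH how it resolves them. `ssh -G` only prints the
# effective configuration; it never opens a connection.

# write_demo_config FILE (hypothetical helper): the Host entries from the article.
write_demo_config() {
    ( umask 077    # keep the config readable by its owner only
      cat > "$1" <<'EOF'
Host bastion
    HostName bastion.example.com
    User bastion_user
    IdentityFile ~/.ssh/bastion_key.pem

Host private_resource
    HostName %h
    User resource_user
    ProxyJump bastion
EOF
    )
}

# resolved KEY FILE [ssh options] HOST (hypothetical helper): print the value
# OpenSSH would use for KEY (lowercase, as it appears in `ssh -G` output).
# -F FILE makes ssh read only FILE, so results do not depend on ~/.ssh/config.
resolved() {
    rkey=$1 rcfg=$2; shift 2
    ssh -G -F "$rcfg" "$@" 2>/dev/null |
        awk -v k="$rkey" '$1 == k { print $2; exit }'
}

demo() {
    cfg=$(mktemp) || return 1
    write_demo_config "$cfg"
    # Without an override, %h expands to the alias typed on the command line.
    echo "default target : $(resolved hostname "$cfg" private_resource)"
    # 203.0.113.10 is a constructed documentation address (TEST-NET-3).
    echo "override target: $(resolved hostname "$cfg" -o HostName=203.0.113.10 private_resource)"
    echo "login user     : $(resolved user "$cfg" private_resource)"
    echo "jump host      : $(resolved proxyjump "$cfg" private_resource)"
    echo "bastion address: $(resolved hostname "$cfg" bastion)"
    rm -f "$cfg"
}
demo
```

If the "jump host" line comes back empty, the ProxyJump directive is not being applied to that alias and the connection would go directly to the target rather than through the bastion.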

Using SSH Tunneling:

  1. SSH tunneling, also known as SSH port forwarding, allows you to securely tunnel network connections between your local machine and a remote server. This is useful for accessing services securely or bypassing network restrictions.

    To set up an SSH tunnel, follow these steps:

    1. Establish SSH Connection: Connect to your server using SSH as described earlier.

    2. Create Tunnel: Use the -L option to specify local port forwarding. For example, to forward connections from local port 8080 to a specific port on the remote server, use the following command:

       ssh -L 8080:remote_server_ip:remote_port username@server_ip
      
    3. Access Privately Hosted Resources: With the SSH tunnel established, you can now access privately hosted resources on the remote server through the specified local port (e.g., localhost:8080).

    4. Tools: Many free and paid tools provide a built-in SSH tunneling feature out of the box; common ones include PuTTY, Termius, WinSCP, and DBeaver. These tools make it easy to configure an SSH tunnel, and some of them even take care of port assignment and simultaneous tunnel creation for seamless connectivity with multiple resources.