SSH Reverse Proxy and Tunneling

Forward ports to your local machine

Photo by Daniel Jerez on Unsplash.

Let’s say you own the domain example.com and the port 22 works as an SSH port for some VM/server. This means that you can SSH into it like so:

ssh user@example.com

But SSH can do much more. One of its features is a reverse TCP proxy, which can expose a port on your local device with one command:

ssh -R \*:80:localhost:8080 -N root@example.com

The -N flag isn’t required, which is to say that we don’t need to execute any commands after SSHing. This will work for anything that uses TCP, such as a web server, SSH port, or even your Minecraft server.

This will bind example.com:80 to your localhost:8080. Keep in mind that in order to bind to low ports (like 80 or 443), you’ll need to SSH as root.

Enable Root Login With Password

If you also want to enable SSH root login with a password:

echo "PermitRootLogin yes" | sudo tee -a /etc/ssh/sshd_config
sudo systemctl restart sshd

Binding to All Addresses

If you want to make it accessible on addresses other than localhost (such as 0.0.0.0 to make it available publically):

echo "GatewayPorts=clientspecified" | sudo tee -a /etc/ssh/sshd_config
sudo systemctl restart sshd

Starting a Simple HTTP Server

If you start an HTTP server on port 8080 locally, it will also be available on example.com port 80:

python -m http.server 8080