SSH tunnel¶
SSH tunnels can be used to tunnel connections securely over a public network. We will cover local port forwarding here. For a more detailed explanation, refer to A Visual Guide to SSH Tunnels: Local and Remote Port Forwarding
Local Port Forwarding¶
Let's assume we start a local Python developement server on a D-PHYS Linux workstation like that:
user@workstation:~$ python3 -m http.server 9000 --bind 127.0.0.1
Serving HTTP on 127.0.0.1 port 9000 (http://127.0.0.1:9000/) ...
The server now listens on the loopback interface (127.0.0.1) and will only be reachable on the local computer:
user@workstation:~$ ss -tulpn | grep 9000
tcp LISTEN 0 5 127.0.0.1:9000 0.0.0.0:* users:(("python3",pid=49323,fd=3))
In order to connect to the server from another computer over the network, we can use an ssh tunnel. On the other computer establish an ssh tunnel using the following command:
+user@laptop:~$ ssh -L 9001:localhost:9000 user@workstation
user@workstation:~$
This opens a local port 9001 on our laptop and forwards it to port 9000 on the remote workstation.
You may also use the same port number on both sides. This is just for clarity of the example.
You can now access the Python server in your browser on your laptop via http://127.0.0.1:9001/.
xrdp via SSH tunnel¶
Some Linux workstations provide an xrdp service for graphical remote login. This is an on-demand service and needs to be requested by the hardware owner by contacting us.
For security reasons the service listens on the loopback interface only and is not exposed directly to the network. Use an ssh tunnel to connect to it from anywhere:
+user@laptop:~$ ssh -L 13389:localhost:3389 user@workstation
Connect your RDP client to the local forwarded port using the following commands:
Windows¶
mstsc /v:localhost:13389
Linux¶
xfreerdp /bpp:24 /v:localhost:13389 /u:<username> /clipboard +fonts
Mac¶
open "rdp://full%20address=s%3Alocalhost:13389"
Or open for instance the Microsoft Remote Desktop app and connect to localhost:13389