Sometimes a security-conscious client is unable to give us direct access to their production server and instead we need to connect through an intermediary gateway server. It’s a reasonable request, but it can be a bit annoying when it comes to debugging - especially during the initial development phase. But fear not! There is a faintly glowing light at the end of this tunnel!
In this WWHD, one of our clients does exactly this, granting us a connection to the production server through their gateway server. The production server forbids access from all IPs unless whitelisted, so we’re going to use an ssh tunneling technique to gain SFTP access to the production server. It is magical!
This is the command we’ll be running to achieve our goal:
ssh -N -t -x -L 45454:destination.server.ca:22 hopstudios@gateway.server.ca
After hitting enter, you’ll be asked to enter your password. Once you enter it, nothing will appear to happen and you will be sitting on an empty terminal with no cursor or feedback - but the tunnel will be opened.
At this point, you can set up your SFTP client to connect through the tunnel. Enter your username and password like normal, but substitute localhost for the server, and 45454 for the port.
Now, let’s break down what this command is actually doing!
ssh: We know this one. We’re utilizing the secure shell protocol to access a remote system.
-N: Open the connection, but do not execute a remote command. This is useful when you’re just forwarding ports like we’re doing in this case.
-t: Force pseudo-terminal allocation. This can be used to execute command line stuff.
-x: Disables X11 forwarding. We’re simply opening a tunnel, we’re not going to need any sort of response – GUI or otherwise.
-L: Specifies that connections to the given TCP port on the local (client) host (left side) are to be forwarded to the remote side (right side).
45454: is the port number that will open on your local computer. We’re using 45454 as this port is not usually used (avoid 3306 or any other port number that is commonly used for other purposes).
destination.server.ca: is the destination host you want to connect to.
:22 is the port number opened for ssh/sftp connection on the host that you want to connect to. 22 is standard.
hopstudios: is the ssh user you’ve previously set up for the relay gateway server.
gateway.server.ca: is the relay gateway server.
When you’re finished and want to close the tunnel, stop your SFTP client, and then in the terminal where the tunnel is running, hit Ctrl+C to terminate the ssh connection.
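As an added example (not part of the original post), the shell functions below build a variant of the tunnel command that listens on loopback only and exits if the forward fails, plus the matching sftp command. The function names and the sftpuser account are made up for illustration; the hosts and port are the post’s sample values.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Return 0 if $1 is an integer in the unprivileged port range 1024-65535.
valid_local_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Print the ssh command for a local forward through the gateway.
# Usage: tunnel_cmd LOCAL_PORT DEST_HOST DEST_PORT USER@GATEWAY
tunnel_cmd() {
    valid_local_port "$1" || { echo "bad local port: $1" >&2; return 1; }
    # 127.0.0.1:        listen on loopback only, so other machines on your
    #                   network cannot connect to the tunnel.
    # ExitOnForwardFailure: ssh exits with an error if the local port cannot
    #                   be bound, instead of sitting on an empty terminal.
    # ServerAliveInterval: notice a dead gateway connection instead of hanging.
    # -t is left out: with -N no remote command runs, so no terminal is needed.
    printf 'ssh -N -x -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L 127.0.0.1:%s:%s:%s %s\n' \
        "$1" "$2" "$3" "$4"
}

# Print the sftp command that goes through the tunnel.
# Usage: sftp_cmd LOCAL_PORT DEST_HOST SFTP_USER
sftp_cmd() {
    valid_local_port "$1" || { echo "bad local port: $1" >&2; return 1; }
    # HostKeyAlias: record and check the destination's host key under its real
    # name rather than [127.0.0.1]:PORT, so a changed key is still detected
    # when the same local port is later reused for a different destination.
    printf 'sftp -P %s -o HostKeyAlias=%s %s@127.0.0.1\n' "$1" "$2" "$3"
}

# When called with five arguments, print both commands for review.
# Example (sftpuser is a placeholder account on the destination):
#   bash tunnel.sh 45454 destination.server.ca 22 hopstudios@gateway.server.ca sftpuser
if [ "$#" -eq 5 ]; then
    tunnel_cmd "$1" "$2" "$3" "$4" && sftp_cmd "$1" "$2" "$5"
fi
```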
This tip is a little bit niche, but hopefully if you’re reading this, you’ve found it useful. As always, please comment below if you have any suggestions or improvements!