Can SSH Tunneling Make Developer’s Life Easy & Hassle-Free?

2Base Technologies
Jun 18, 2019

Before looking at the growing importance of SSH tunnelling in a developer's life, one needs to know what SSH is and the role it plays in programming. Most developers will already know it, but there may be newcomers who want to get on par with the masters of the software programming domain.

What Is SSH?

An SSH client (ssh) is a program used for logging into remote machines and executing commands on them. It is commonly used to provide secure, encrypted communication between two untrusted hosts over an insecure network.

It is common for developers to use SSH tunnels. Many of them spend a large part of their time ssh'd into remote machines; these are the ones who are well versed in the power of SSH tunnels and know what they are.

Defining SSH Tunneling Primer

SSH tunnelling is the ability to use ssh to create a bi-directional encrypted network connection between machines, over which data (typically TCP/IP) can be exchanged. This makes it possible to securely and easily make services available between machines with minimal effort.

At the same time, it leverages ssh for user authentication and encryption with little to no overhead. The icing on the cake is that you get encryption out of the box, without any additional work on the application service side.

Extreme Power Of SSH Tunneling

An SSH tunnel is all about making a secure two-way connection between two servers over the SSH port. It might sound innocent, but it provides powerful capabilities. We start with the simplest tunnels and then move on to more advanced ones. Let's go through them now -

  • Communication Channel Encryption

Imagine you need to implement some kind of client-server software for which an existing solution is already available, and the communication between server and client has to be encrypted.

Think about this for a moment: what can be done in such a situation? If the software has a configuration option for encryption, you can enable it and the communication channel is secured. But what if the creator of the software didn't think of the possibility of encrypting the communication?

If you have access to the source code, you can implement encryption directly in the software. But you don't always get that opportunity, and even then implementing the encryption is not necessarily easy.

  • Utilizing Port Forwarding For Securing Communication Channel

One alternative is to use an SSH tunnel (which is encrypted out of the box) and redirect the client-server traffic through it. This solution is cheap, simple and worth considering.

Let's assume that the server is listening on localhost port 2080. To secure the communication channel with SSH, open port 1080 on the client machine. Traffic sent to that port is redirected through the encrypted SSH connection to port 2080 on the server.

In such a case, you can use the ssh command given below -

$ ssh -nNT -L 1080:localhost:2080 user@server

The ssh command above reads as follows -

ssh user@server: open an SSH connection to user@server.

-nNT: these options disable ssh functions that are not needed for port forwarding: -n stops ssh from reading standard input, -N runs no remote command, and -T allocates no pseudo-terminal. They are also worth using for security reasons.

-L 1080:localhost:2080: this corresponds to -L localhost:1080:localhost:2080. On the machine where I run the ssh command, it opens port 1080 on the local interface. When a connection is made to that port, the server I am connecting to over SSH opens a connection to its localhost port 2080, and the incoming and returning traffic is redirected there.

  • Remote Port Forwarding

$ ssh -nNT -R 4000:localhost:3000 user@server.com

This ssh command sets up an SSH tunnel between your machine and the server. Connections made to localhost:4000 (in the context of the server) are forwarded to localhost:3000 (on your machine). So the service running locally on port 3000 can now be reached on the server on port 4000. This trick is quite useful because it lets you expose a locally running service to others on the internet through your server, without needing to deploy or set it up on the server.

  • Highly Advanced Use Cases

The three ssh commands above are the most commonly used ones, but they can easily be modified and used in various interesting ways. Most importantly, a tunnel can be established not only between the local machine and the server but also to additional machines that are internal to the local network or to the server's network. This is achieved with the ssh command below -

$ ssh -nNT -R 0.0.0.0:4000:192.168.1.101:631 user@server.com

Instead of the default bind address, 0.0.0.0 is used explicitly here. This means the service exposed on port 4000 of the server is reachable from the server's network through all of its network interfaces, including virtual and bridge networks such as those used in container environments like Docker. The server's sshd honors a non-loopback bind address only when its GatewayPorts setting allows it.
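
The bind-address rules behind the forwards above, as an added example that is not part of the original article: it reports on which interface the listening port of a -L or -R forward ends up, following the GatewayPorts behaviour documented in ssh(1) and sshd_config(5). The function name forward_scope and its output format are assumptions made here, and only IPv4 addresses and hostnames are parsed.

```shell
#!/bin/sh
# Added example: where does the listening side of an ssh forward bind?
# Spec grammar (ssh(1)): [bind_address:]port:host:hostport
# usage: forward_scope L|R SPEC GATEWAYPORTS
#   L: GATEWAYPORTS is the client's ssh_config value (yes|no)
#   R: GATEWAYPORTS is the server's sshd_config value (yes|no|clientspecified)
forward_scope() {
    dir=$1 spec=$2 gp=$3
    case $spec in
        *:*:*:*:*) echo invalid; return 1 ;;
        *:*:*:*)   has_bind=1; bind=${spec%%:*}; rest=${spec#*:} ;;
        *:*:*)     has_bind=0; bind=; rest=$spec ;;
        *)         echo invalid; return 1 ;;
    esac
    port=${rest%%:*}

    # What the client asks for.
    if [ "$has_bind" -eq 0 ]; then
        requested=default
    else
        case $bind in
            ''|'*'|0.0.0.0)  requested=all ;;       # empty or * means every interface
            localhost|127.*) requested=loopback ;;
            *)               requested="addr=$bind" ;;
        esac
    fi

    # What actually happens once GatewayPorts is applied.
    case $dir:$gp:$requested in
        L:yes:default)             scope=all ;;        # client default becomes wildcard
        L:no:default)              scope=loopback ;;
        L:yes:*|L:no:*)            scope=$requested ;; # explicit bind address wins
        R:yes:*)                   scope=all ;;        # sshd forces the wildcard address
        R:no:*)                    scope=loopback ;;   # sshd forces loopback, request ignored
        R:clientspecified:default) scope=loopback ;;
        R:clientspecified:*)       scope=$requested ;;
        *)                         echo invalid; return 1 ;;
    esac
    echo "port=$port scope=$scope"
}

# The article's forwards; the last two differ only in the server's GatewayPorts.
forward_scope L 1080:localhost:2080 no
forward_scope R 4000:localhost:3000 no
forward_scope R 0.0.0.0:4000:192.168.1.101:631 no
forward_scope R 0.0.0.0:4000:192.168.1.101:631 clientspecified
```

Run against a server with the default GatewayPorts no, the 0.0.0.0 forward still ends up on loopback, which is the first thing to check when such a tunnel is unexpectedly unreachable or unexpectedly exposed.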

Wrapping Up

The potential of SSH tunnels is great. How much it can bring to the life of a developer is something to watch. It is certainly a great remote login tool and helps developers immensely, but to what extent and for how long is something to think about.
