SSH Tunnel Notes

Ran a second local http server (in addition to xampp):
f:\xampp\php> php -S 127.0.0.1:8000
phptest.htm is in this f:\xampp\php folder
Then in a browser: localhost:8000/phptest.htm
It worked!

Create an SSH Tunnel for MySQL Remote Access with PuTTy
Setup Jupyter Notebook on AWS and access locally via SSH Tunnel

Use PuTTY to set up an encrypted ssh proxy tunnel to oci.me:
https://www.math.ucla.edu/computing/kb/creating-ssh-proxy-tunnel-putty
When surfing, instead of my local comcast ip, browsing is done with the ip address of the oci.me server
PuTTY –> Connection –> SSH –> Tunnels –> Add Source Port 31415, Dynamic
On oci.me, /etc/ssh/sshd_config –> GatewayPorts yes
No changes needed to apache configs; only need the SSH tunnel and browser proxy setup
Note that this required configuring network settings in firefox (portable) to enter proxy details
Everything worked except for surfing to an oci.me page itself (why? Found that in the ff config, you can set 'No Proxy' options, so I entered the IP address for oci.me, and that worked! Note that localhost and 127.0.0.1 are never proxied)
To avoid setting up firefox for a proxy, here are options: (but this was just for learning on how to proxy)
  + Use miniproxy.php on oci.me to do the same thing, or proxysite.com. Also look into tinyproxy or privoxy
  + Use apache for proxy service.
For this to work without opening a shell into oci.me, in PuTTY Connection –> SSH, click 'Don't start a shell or command at all'

SSH tunneling links:
https://www.math.ucla.edu/computing/kb/creating-ssh-proxy-tunnel-putty
https://blog.devolutions.net/2017/4/how-to-configure-an-ssh-tunnel-on-putty
https://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html
https://www.maketecheasier.com/reverse-ssh-tunnel-allow-external-connections/
https://superuser.com/questions/353234/what-is-the-difference-between-local-and-remote-ip-forwarding
https://serverfault.com/questions/272754/what-is-the-difference-between-local-remote-dynamic-ssh-tunneling
https://unix.stackexchange.com/questions/46235/how-does-reverse-ssh-tunneling-work

To use Git Bash to connect via ssh rather than PuTTY, the opcprivate.ppk (PuTTY-specific format) has to be converted to .pem
Open puttygen –> load z:\oracle-keys\opcprivate.ppk –> Conversions –> Export OpenSSH Key (force new file format)

SSH into oci from Git Bash shell:
ssh -i private.pem ubuntu@oci.me (it worked!)
ssh -i private.pem thedevx@gce.me (worked)

ssh -i private.pem -L 8000:imgur.com:80 ubuntu@oci.me (this gives error messages; article example might be bad)

https://hackertarget.com/ssh-examples-tunnels/ (22 SSH Examples, Tips & Tunnels)
in git bash: vim edited /etc/hosts to add entry for gce.me and oci.me
created /ssh_config:
Host oci.me
  HostName oci.me
  User ubuntu
  Port 22
  IdentityFile private.pem

Successful sftp session and downloaded a file with get command (article also has scp example):
sftp -F ssh_config ubuntu@oci.me

Also see ngrok | Serveo | inlets | chisel | sish | onion-expose | localhost.run | sshreach.me | localtunnel | webhookrelay | portmap.io
https://blog.alexellis.io/webhooks-are-great-when-you-can-get-them/
HTTPS for local endpoints with inlets and caddy | deploy an inlets exit node into a free namespace at k8spin.cloud | Free for Dev links
Serveo query on HackerNews | Servo blog
Serveo lets you expose local services through a proxy server (a la ngrok), but uses SSH as the transport, so there's nothing to install. Serveo can also be self-hosted.
Detailed inlets example | example on k8spin free tier | Hugo blog example | k8spin docs

Note that /etc/ssh/sshd_config on oci has PermitTunnel no
Not sure how this affects various examples

---

Reverse Port Forwarding example:
on local machine in bash shell:
f:\xampp\php> php -S 127.0.0.1:3000
ssh -F ssh_config -R 4000:localhost:3000 ubuntu@oci.me
on oci.me:
curl --output - http://127.0.0.1:4000/phptest.htm
(this output the html; note that using localhost instead of 127.0.0.1 did not work)
This is from the Remote Port Forwarding section in https://ryanharrison.co.uk/2019/04/28/ssh-tunneling.html
It also accessed some .txt and .css files in this way on the remote
So the php web server running on port 3000 on local machine is not exposed to internet, but through the ssh tunnel it is accessible on port 4000 on remote server.

This did not work:
ssh -F ssh_config -R 80:localhost:3000 ubuntu@oci.me
then tried to access with web browser to oci.me, didn't work
Not sure if because 80 is a privileged port requiring root or because apache on server redirects to 443. However, when I changed 80 to 443, that didn't work either (maybe because local machine php web server is not using https?). A curl on the remote server shell didn't work either.
TO DO: try --insecure with curl

---

Logged into oci.me from git bash:
$ ssh -i private.pem ubuntu@oci.me

TO DO: Experiment with Wireguard on VPS (nah, requires kernel module install, forget it)

---

What's the difference between Local, Remote, and Dynamic SSH tunneling

Use local if you have a service running on a machine that can be reached from the remote machine, and you want to access it directly from the local machine. After setting up the tunneling you will be able to access the service using your local host IP (127.0.0.1)

Use remote if you have a service that can be reached from the local machine, and you need to make it available to the remote machine. It opens the listening socket on the machine you have used SSH to log into.

Dynamic is like local, but on the client side it behaves like a SOCKS proxy. Use it if you need to connect with software that expects SOCKS forwarding.

---
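
Added example (not from the linked articles or from these notes' original commands): a small Python checker that takes an OpenSSH -L / -R / -D spec, reports which end opens the listening socket, and flags the two conditions that decide who can reach the tunnel: a privileged listen port, and a non-loopback bind address. The specs in the demo are the ones used above; the 0.0.0.0 variant is constructed, and parse_forward is a hypothetical helper name.

```python
# Added example: classify OpenSSH -L / -R / -D forwarding specs.
# Which end opens the listening socket for each flag.
LISTEN_SIDE = {"-L": "client", "-R": "server", "-D": "client"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_forward(flag, spec):
    """Parse [bind_address:]port[:host:hostport]; host names and IPv4 only.

    Bracketed IPv6 and the port-only form of -R are out of scope here.
    """
    if flag not in LISTEN_SIDE:
        raise ValueError("unknown forwarding flag: " + flag)
    parts = spec.split(":")
    allowed = (1, 2) if flag == "-D" else (3, 4)
    if len(parts) not in allowed:
        raise ValueError("bad %s spec: %s" % (flag, spec))
    # An even number of fields means a leading bind_address is present.
    # An empty bind_address or "*" asks for all interfaces.
    bind = parts.pop(0) if len(parts) % 2 == 0 else None
    port = int(parts[0])
    target = (parts[1], int(parts[2])) if flag != "-D" else None
    side = LISTEN_SIDE[flag]
    warnings = []
    if port < 1024:
        warnings.append("privileged port %d: binding it needs root on the %s"
                        % (port, side))
    if bind is not None and bind not in LOOPBACK:
        if flag == "-R":
            warnings.append("non-loopback bind on server: honoured only if "
                            "sshd_config enables GatewayPorts")
        else:
            warnings.append("non-loopback bind on client: other hosts on the "
                            "network can use the tunnel")
    return {"listens_on": side, "bind": bind, "port": port,
            "target": target, "warnings": warnings}


if __name__ == "__main__":
    demo = [("-R", "4000:localhost:3000"), ("-R", "80:localhost:3000"),
            ("-L", "8000:imgur.com:80"), ("-D", "31415"),
            ("-R", "0.0.0.0:4000:localhost:3000")]  # last spec is constructed
    for flag, spec in demo:
        print(flag, spec, parse_forward(flag, spec))
```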