Logo

dev-resources.site

for different kinds of informations.

SSH port forwarding from within code

Published at
1/6/2025
Categories
rust
raku
ssh
Author
bbkr
Categories
3 categories in total
rust
open
raku
open
ssh
open
Author
4 person written this
bbkr
open
SSH port forwarding from within code

Intro

Port forwarding is a common technique used to access some service behind jump host from your local machine. It is a daily bread of many administrative tasks. In this post I'll show how to create such connections on demand from within Raku or Rust code (without relying on ssh -L system command).

Theory

Before jumping to implementation let me go briefly through operating principle.

There is service host that exposes something on port 7878. However you cannot access it directly from local machine because it is in different network.

ssh-1

Luckily there is jump host in that network that exposes SSH service on port 22, which you can connect to (1).

ssh-2

It is time to open any free port on your local machine (2), let's say 8080, and start listening for incoming connections. Note that those connections can be made from different thread of the same program, which is case we are interested in here.

ssh-3

Whenever connection arrives to local machine (3) we ask jump host using SSH connection (1) to create SSH channel (4) that will pass TCP packets with source port 8080 to jump machine to port 7878.

ssh-4

To complete puzzle we must pass traffic (5) between connection made to our local port 8080 (3) and SSH channel (4) in both ways using existing SSH connection (1).

Image description

Now to connect to service:7878 you actually connect to local:8080 and your data goes like this.

Image description

Important! You need another set of yellow arrows (4) and (5) for every forwarded connection you want to make, you cannot push packets from two connections through single SSH channel. Channel only knows that it should pass TCP packet with source port 8080, it has no knowledge that it came from specific connection (3) on local machine.

SSH key based authentication setup

In pretty much every case where SSH port forwarding is used SSH keys are preferred over interactive user/password login. If your local to jump connection is not already configured please perform following steps.

Generate new key on local machine:

ssh-keygen -t ed25519 -C "[email protected]"
Enter fullscreen mode Exit fullscreen mode

When asked for location choose some meaningful file name and remember the path, in my case it will be /home/me/.ssh/jump.

Enter key password and remember it - in my case it will be s3cret!.

Append content of generated public key /home/me/.ssh/jump.pub to ./ssh/authorized_keys file on jump host in your home directory there. Create file if needed. You can do it manually or you can use ssh-copy-id -i /home/me/.ssh/jump me@jump if you can already login to jump using login/password method and have ssh-copy-id installed on your local machine.

Test your setup by invoking ssh -i /home/me/.ssh/jump me@jump, enter your key password and if it connects you are good to go.

Security concerns

  • You should never store SSH key password directly in your code. I'll do it here purely for demonstration purposes, but in real life scenario I recommend storing and fetching it from remote vault. Just to have manageable "lockdown" procedure in case of security breach.
  • You should always confirm your jump host identity in case of man-in-the-middle attack, when someone redirects your DNS to a fake jump host. I'll explain later how to do it in Raku and Rust.

Let's start coding

Jump to:

raku Article's
30 articles in total
Favicon
SSH port forwarding from within code
Favicon
SSH port forwarding from within Raku code
Favicon
Solving the Weekly Challenge 302 Task 1: Ones and Zeroes in Python
Favicon
Solving the Weekly Challenge 302 Task 2: Step by Step in Python
Favicon
My Python Language Solution to Task 2: Nested Array from The Weekly Challenge 300
Favicon
My Python Language Solution to Task 1: Beautiful Arrangement from The Weekly Challenge 300
Favicon
My Python Language Solution to Task 1 from The Weekly Challenge 299
Favicon
Sparky - composable user interfaces for internal services
Favicon
Sparky - hacking minikube with mini tool
Favicon
Sparky - simple and efficient alternative to Ansible
Favicon
Confirming The LPW 2024 Venue & Date
Favicon
Announcing The London Perl & Raku Workshop 2024
Favicon
Stability
Favicon
Practicing Raku Grammars On Exercism
Favicon
Languages wanted!
Favicon
Perl and Raku Dev Room @FOSDEM 24
Favicon
Introducing Humming-Bird v3
Favicon
Publishing Raku modules
Favicon
Sorting numbers in Raku with the help of ChatGPT
Favicon
UTF-8 series wrap up
Favicon
UTF-8 Byte Order Mark
Favicon
Fun with UTF-8: Homoglyphs
Favicon
UTF-8 regular expressions
Favicon
Fun with UTF-8: variables and operators
Favicon
UTF-8 sorting and collation
Favicon
UTF-8 grapheme clusters
Favicon
UTF-8 (de)composition
Favicon
UTF-8 code point properties
Favicon
Fun with UTF-8: browsing code points namespace
Favicon
UTF-8 Glyphs and Graphemes

Featured ones: