Wednesday, 10 May 2017

Accessing Services on Private Servers using SSH Tunnel



This is really an interesting topic to write about.
Servers holding sensitive data are usually kept off the public network and the internet. They have no public IP address and cannot be reached directly. This is done mainly for security reasons, to prevent the data from being hacked or misused.
But sometimes developers and administrators need to access those servers to fetch data or apply patches in real time, or an emergency may demand access to them.

SSH Tunnel
Telerain servers, for instance:
Let us take the case of our Telerain servers. Our database servers are kept off the public network, so they can be accessed only from our internal private network.
Just to point out, there are 5 different classes of internet IP addresses. They are grouped into public IP addresses, which are provided by ISPs (Internet Service Providers), and private IP addresses, which are for internal networks only.
To access our database server, which is on a private IP address (10.XX.XX.81), we have to log in to one of our public servers (203.XX.XX.100) and then connect to the database server from the command line. This is a tedious process.
Other ways of doing this:
  1. Using RDP (Remote Desktop Protocol) connection
  2. Using VPN (Virtual Private Network) connection
RDP allows only one session at a time, so if one person is already using it, we have to wait until that session is over. Only then can we access the server.
A VPN connection provides a secured tunnel using VPN protocols and connects us to the internal private network, so we can get access to the private server, in our case the database server.
Commercial VPN client solutions come at a price and limit the number of parallel connections.
Easy solution:
We can set up an SSH tunnel using a simple SSH client like PuTTY. PuTTY is an SSH client tool with which we can connect to remote servers on a public IP address over a Secure Shell connection. This gives us a (text mode) command line interface to the server.
You may think, ‘But how can this help us? It is the same tedious process we discussed above, right?’
PuTTY can create an SSH tunnel, a kind of port forwarding, from our local computer to the remote server.
Using that SSH tunnel we can map any service running on the remote private server to our local computer and access it like a local service. Great!!
Let’s see how to do that:


1.)    Go to Connection -> SSH -> Tunnels
2.)    Add Source port: 3306. This is the local port that gets mapped to your private server's service.
       Destination: 10.XX.XX.81:3306. This is the actual remote private server IP address and service port.
3.)    Click Add; you will see that the tunnel connection has been added:
 
Now you can use any client to connect to localhost on port 3306. For example, if you are using Navicat or any other MySQL client, create a MySQL database connection that connects to localhost on port 3306.
On providing credentials, you will be able to connect to the remote server instantly.
We have seen an example of accessing the MySQL service on a remote private server using an SSH tunnel. This is not limited to MySQL. We can map any number of ports to services through the SSH tunnel and access them locally from our own computer.
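The same tunnel can be opened from a command line with the OpenSSH client. The script below is an added example, not part of the original post: it builds the equivalent ssh command with the local end pinned to 127.0.0.1, and checks `ss -ltn` output to confirm the forwarded port is not reachable from other machines (as it would be with PuTTY's "Local ports accept connections from other hosts" option or `ssh -g`). The host names db.internal.example and bastion.example.com, the user admin and the sample `ss` output are constructed placeholders.

```shell
#!/bin/sh
# Added example: OpenSSH equivalent of the PuTTY tunnel, plus an exposure check.
# Host names and the user are hypothetical placeholders, not from the post.

# valid_port N: succeeds only for an integer in 1..65535
valid_port() {
  case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_tunnel_cmd LOCAL_PORT DEST_HOST DEST_PORT USER@PUBLIC_SERVER
# Prints the ssh command (does not run it). The local end is pinned to
# 127.0.0.1 so other machines on the LAN cannot use the tunnel.
build_tunnel_cmd() {
  valid_port "$1" || { echo "bad local port: $1" >&2; return 2; }
  valid_port "$3" || { echo "bad destination port: $3" >&2; return 2; }
  case "$2" in ''|*[!A-Za-z0-9.-]*) echo "bad destination host: $2" >&2; return 2 ;; esac
  case "$4" in ''|-*|*[!A-Za-z0-9@._-]*) echo "bad login: $4" >&2; return 2 ;; esac
  printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' "$1" "$2" "$3" "$4"
}

# listener_exposure PORT: reads `ss -ltn` output on stdin and prints
# "loopback", "exposed" (bound to a non-loopback address) or "none".
listener_exposure() {
  awk -v p="$1" '
    $1 == "LISTEN" {
      n = split($4, a, ":"); port = a[n]
      if (port != p) next
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "[::1]") lo = 1; else ex = 1
    }
    END { print (ex ? "exposed" : (lo ? "loopback" : "none")) }'
}

# Constructed sample of `ss -ltn` output: 3306 is loopback-only, 3307 is not.
sample_ss_output() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:3306     0.0.0.0:*
LISTEN 0      128    [::1]:3306         [::]:*
LISTEN 0      128    0.0.0.0:3307       0.0.0.0:*
EOF
}

build_tunnel_cmd 3306 db.internal.example 3306 admin@bastion.example.com
echo "3306: $(sample_ss_output | listener_exposure 3306)"
echo "3307: $(sample_ss_output | listener_exposure 3307)"
```

On a live machine, pipe real output into the check with `ss -ltn | listener_exposure 3306` while the tunnel is up.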
