In this article, I will show how to make an ssh tunnel to securely connect to a remote server. When we browse a website, the browser uses http to connect to it. HTTP itself is not secure, and https can bring certificate issues: if the certificate is not trusted by the clients, they won’t be able to connect. The ssh tunnel provides encryption, so the data transmission is secure and we can use http for browsing.
-y: it will install without asking
httpd: argument to install the apache webserver
Now I will install a text-based web browser on the server and the client. A text-based web browser can be used similarly to the ‘more’ or ‘less’ command. It shows websites in text mode. I will use ‘links’.
Before CentOS 8, the command above would work, but in CentOS 8 I have to execute the following command:
I have configured key-based authentication between server and client, though tunneling traffic via ssh doesn’t need keys. On the client machine, I will execute the following command:
-f= the ssh process will run in the background
-L= listening to the port
8080= the port number it is going to listen on; any port beyond 1024 is usable if it is not already assigned.
localhost= the remote server
80= the remote server’s port number
root= connect as a root user
Server= remote server’s name
-N= not to execute a remote command
The command can be explained as follows:
The client listens on port 8080. Whatever is sent to that port is carried over ssh and redirected to localhost on the remote ssh server, port 80. That is the apache web server running on the server.
Now I will connect to the server’s apache web server from the client machine.
I have successfully connected to the Apache webserver of the server machine. Press ‘q’ then ‘yes’ to quit.
There are some drawbacks to using an ssh tunnel. First, the ssh tunnel has to be configured manually on every single host device, which is not feasible. Second, the ssh tunnel runs as a process.
-f= file listing
This command filters the ssh process out of all the processes in the listing.
This is the ssh tunnel process. The process id is 6197.
I have killed the process. Now run the ‘links http://localhost:8080’ command again on the client machine.
As soon as the process is terminated, the connection is broken. The output varies between web browser tools.
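The tunnel command explained above and the process lookup used to stop it can be wrapped in a few shell functions that bind the listener to 127.0.0.1 only, make ssh exit if the forward cannot be set up, and stop the tunnel through an ssh control socket instead of a process id. This is an added example, not the commands from the original article. The host alias ‘server’, the control-socket path and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not the article's own commands. Assumed names: the host alias
# "server", the control-socket path CTL and all function names.

# Control socket kept under ~/.ssh, one per remote user/host/port.
CTL="$HOME/.ssh/tunnel-%r@%h-%p"

# forward_spec LPORT RHOST RPORT -> prints "127.0.0.1:LPORT:RHOST:RPORT"
forward_spec() {
  for p in "$1" "$3"; do
    case $p in
      ''|*[!0-9]*|??????*) echo "not a port number: $p" >&2; return 1 ;;
    esac
    if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
      echo "port out of range: $p" >&2; return 1
    fi
  done
  # Listening ports below 1024 are privileged on the client.
  if [ "$1" -lt 1024 ]; then
    echo "local port must be 1024 or higher: $1" >&2; return 1
  fi
  [ -n "$2" ] || { echo "remote host is empty" >&2; return 1; }
  # Explicit loopback bind: the listener is reachable from this machine only.
  printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# tunnel_up LPORT RHOST RPORT USER@HOST
tunnel_up() {
  spec=$(forward_spec "$1" "$2" "$3") || return 1
  # -f, -N and -L as in the article; -M and -S add a control socket.
  # ExitOnForwardFailure makes ssh exit instead of going to the background
  # with a tunnel whose local port could not be bound.
  ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes -L "$spec" "$4"
}

# Ask the background ssh whether it is alive, or tell it to exit,
# without searching the process list for its id.
tunnel_status() { ssh -S "$CTL" -O check "$1"; }
tunnel_down()   { ssh -S "$CTL" -O exit "$1"; }

# Usage on the client:
#   tunnel_up 8080 localhost 80 root@server
#   links http://localhost:8080
#   tunnel_status root@server
#   tunnel_down root@server
```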
Sometimes the http request can be rejected by the firewall. Use the following command on the server to add the http service to the firewall: