
I would like to connect to a service running on port X on a host. The service cannot be reached on the host IP address and port. There are 2 options I know which can achieve this:

  1. Local port forwarding through SSH tunnelling. (ssh -L)
  2. Using 'SSH + socat'

Which of these is a preferred method? Any issues wrt security in the above methods, like is one of them considered more secure?

EDIT 1

  1. The services involved are TCP based.
  2. X is in the range of 2000-9999.
  3. The host machine (which has the service running on port X) has only a single user right now, which is root. But in the future, it may have 2 users, one root and the other non-root.
  4. This is the layout of the system:

People on the internet call APIs to my service, say A. For A to serve the requests, it needs to contact the service on the host, which is running at port X. Direct access to the host (including SSH) is only available to my service A.

  • Please provide more details. How many computers are involved? Is X a small number? Are the machines single user? Does the service need a special client? For many cases using SSH forwarding is simpler, but usually allows any local user access to the remote service. Commented Jun 6, 2021 at 20:20
  • Also, is the service TCP or UDP based? SSH can only forward TCP connections without getting other utilities (like socat) involved. Commented Jun 7, 2021 at 0:30
  • Thanks @JeffBreadner I had updated the question. Commented Jun 7, 2021 at 5:43
  • I still need more details. The "special client" means the program that calls the APIs. I am a "person on the internet". Am I using a web browser to connect to a webserver, say on AWS, that you control to see stock prices? This webserver needs to connect to tcp port 2500 on a machine in your basement that is firewalled from the internet. This program on port 2500 provides a database to answer stock price queries. Your question is how to get from AWS to your basement machine? Is your "Service A" the webserver on AWS, rather than the database running in your basement? Commented Jun 7, 2021 at 10:55
  • I like the example provided by @icarus. The real question at this point is whether Service A is making the request to port X (unlikely, or else there's no problem that warrants this question) or that the client needs to be directed to query port X, which is unavailable. Rather than SSH, the "normal" way of doing this is with a reverse proxy like NGINX, which can expose port X on the same machine that is running Service A, but all requests to port X would be directed to the "real" port X on the private server. SSH port forwarding should not be used in this kind of production setup, IMO. Commented Jun 7, 2021 at 13:22
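
An added example, not part of the original thread or written by any of its participants: an OpenSSH client configuration for the machine running Service A that addresses the point raised in the comments that a plain `ssh -L` TCP listener is reachable by any local user. Port 2500 stands in for X; the host name, account name and socket path are constructed, and it assumes Service A can connect to a Unix-domain socket instead of a TCP port.

```sshconfig
# ~/.ssh/config of the account that runs Service A (all names are constructed)
Host backend-tunnel
    HostName backend.example.internal
    User tunnel

    # Weak setting: a TCP listener on loopback. Remote machines cannot
    # reach it, but every local user and process on this machine can.
    # LocalForward 127.0.0.1:2500 127.0.0.1:2500

    # Tighter setting: forward a Unix-domain socket instead of a TCP port.
    # Access is then controlled by file permissions on the socket.
    LocalForward /run/service-a/backend.sock 127.0.0.1:2500

    # Mask 0177 creates the socket as mode 0600 (owner only).
    StreamLocalBindMask 0177
    # Remove a stale socket left by a previous tunnel before binding.
    StreamLocalBindUnlink yes

    # Fail the connection if the forward cannot be set up, rather than
    # leaving a session open with no tunnel behind it.
    ExitOnForwardFailure yes
    ServerAliveInterval 30
    ServerAliveCountMax 3

    # The tunnel needs no shell, agent or X11 on the remote side.
    RequestTTY no
    ForwardAgent no
    ForwardX11 no

# On the backend host, the matching line in the tunnel account's
# ~/.ssh/authorized_keys limits what this key may do to opening that
# one forward (replace <public-key> with the real key):
#
#   restrict,port-forwarding,permitopen="127.0.0.1:2500" ssh-ed25519 <public-key>
```

Start the tunnel with `ssh -N backend-tunnel`; the directory `/run/service-a` should itself be owned by, and accessible only to, the Service A account.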
