Quickwork
Search
⌃K

Reverse SSH Tunnel

Enable on-prem connectivity with Quickwork. Connect client services running on a network using SSH commands with the necessary private keys, hostnames, and ports.
Quickwork connects to services running in a private network without needing a public IP or gateway to establish a secure connection. Quickwork provides SSH hostname, SSH user, and a set of remote ports configured for you to establish a connection. Each port is allowed to be configured for a single service at a time. In order to connect with a private SSH instance, execute the following command:
ssh -f -N -R
<REMOTE_FORWARD_PORT>:<SERVICE_HOSTNAME_OR_IP>:<SERVICE_PORT>
<SSH_USER>@<SSH_HOST> -g -i <PATH_TO_PRIVATE_KEY> -o
ServerAliveCountMax=1 -o ExitOnForwardFailure=yes
Here are the definitions for each tag:
  • REMOTE_FORWARD_PORT: The port number shared by Quickwork to tunnel the traffic
  • SERVICE_HOSTNAME_OR_IP: Service hostname or IP
  • SERVICE_PORT: Port number your service is listening on
  • SSH_USER: Dedicated username configured by Quickwork for client connection establishment
  • SSH_HOST: Hostname shared to you by Quickwork, specific to your region
  • PATH_TO_PRIVATE_KEY: Path to the private key file shared by Quickwork to establish a connection with the remote server
Definitions of each flag:
  • -f: Run SSH agent in the background
  • -N: Do not allow to execute a remote command
  • -R: Remote address binding
  • -g: Allows remote hosts to connect to local forwarded ports
  • -i: Path to the private key file for identification purposes
  • -o: Option flags are used to exit on failure and keep the connection alive
If you prefer, you can establish a connection using the SSH configuration file. Here are the steps to do so:
  1. 1.
    Edit your SSH configuration file.
  2. 2.
    Add the following configuration SSH settings to the open file: Host <SSH_HOST> user <SSH_USER> IdentityFile <PATH_TO_PRIVATE_KEY> ServerAliveInterval 30 ServerAliveCountMax 1 ExitOnForwardFailure yes
  3. 3.
    Run one of the following commands via SSH or using autossh, in case you want to use a reliable SSH process manager: ssh -f -N -R <REMOTE_FORWARD_PORT>:<SERVICE_HOSTNAME_OR_IP>:<SERVICE_PORT> <SSH_HOST> -g or via autossh autossh -M 0 -f -N -R <REMOTE_FORWARD_PORT>:<SERVICE_HOSTNAME_OR_IP>:<SERVICE_PORT> <SSH_HOST> -g Note: Ensure that the service running the SSH client can access the underlying service.
Establishing connection of a local service with Quickwork
To understand how to establish a connection with Quickwork, we will use PostgresSQL as an example to establish a connection with the reverse SSH tunnel:
  • SSH_HOST: Hostname shared to you by Quickwork, specific to your region
  • REMOTE_FORWARD_PORT: The port number shared by Quickwork to tunnel the traffic
  • DB_NAME: Name of your database
  • DB_USERNAME: Database username
  • DB_PASSWORD: Database password
Figure 1: PostgeSQL app
And that’s it, you have successfully established a connection of a service running in your private network to Quickwork, without exposing the service to an internet gateway.
Previous
Quickwork Embedded - Getting Started
Last modified 1yr ago