While our servers will automatically pass through HTTP connections via a reverse proxy, what about non-HTTP applications? We have implemented a port forwarding system to address this.
This guide assumes you did not install an SSH server by running netsoc webspace init with --ssh. If you did, SSH with port forwarding is already configured. The information regarding managing your port forwards is still relevant of course!
Set up SSH
In order to make use of a port forward, we need a service to forward a port to! We'll be using SSH, as it's a very handy way to log in to your webspace and transfer files. To install the SSH server:
apt install openssh-server
Enabling password login
After installation, the SSH server will be up and running, but we need to configure it so that you can log in with your password (set during netsoc webspace init). Run nano /etc/ssh/sshd_config to open the config in nano. Scroll until you see something like the following:
    # Ciphers and keying
    #RekeyLimit default none

    # Logging
    #SyslogFacility AUTH
    #LogLevel INFO

    # Authentication:

    #LoginGraceTime 2m
    #PermitRootLogin prohibit-password
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10

    #PubkeyAuthentication yes

    # Expect .ssh/authorized_keys2 to be disregarded by default in future.
    #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

    #AuthorizedPrincipalsFile none
Change #PermitRootLogin prohibit-password to PermitRootLogin yes (make sure to remove the # at the beginning of the line!). Save the file and exit, then run systemctl reload sshd to apply the configuration changes.
Typically, enabling password login for the root account is not recommended. This is because SSH is usually exposed on a known port (22) and it's very easy to write a script that will scan the entire internet and brute force weak passwords. In this case, it's not too much of a concern, since SSH will be exposed on a random port.
For improved security, particularly if running SSH on port 22, we recommend
you look into setting up public key authentication and re-disabling password
Create the port forward
Although the SSH server is up and running, you won't be able to connect to it remotely. This is because the server isn't exposed to the internet. To create a port forward, use the netsoc webspace ports add command. SSH runs on port 22, so run netsoc webspace ports add 22:
    $ netsoc webspace ports add 22
    Port 22 in webspace is now accessible externally via port 64363
    $
Note the listed external port, which will be random for your webspace.
If you missed the external port or can't remember it, run netsoc webspace ports to list all port forwards configured on your
Log into your webspace via SSH
Now that the port forward is set up, you can use an SSH client to log in to your webspace! When prompted for a password, enter the same one used with netsoc webspace init.
Run ssh as shown below (use your own external port):

    $ ssh root@myusername.netsoc.ie -p 64363
    The authenticity of host '[myusername.netsoc.ie]:64363 ([184.108.40.206]:64363)' can't be established.
    ECDSA key fingerprint is SHA256:zB48NdWJQw1ZJztrt5NdTstgdl5Zj0tEuqOjc914zEs.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added '[myusername.netsoc.ie]:64363,[220.127.116.11]:64363' (ECDSA) to the list of known hosts.
    root@myusername.netsoc.ie's password:
    Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.71-netsoc-lxd8s x86_64)

     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage

    The programs included with the Ubuntu system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.

    Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
    applicable law.

    root@ws-u1:~#
Enter your details similar to below (use your own external port):
Press "Yes" on the dialog that appears on connection. When asked for a username and password, enter root and your password. You should see something similar to
If you've forgotten your webspace password, you can use netsoc webspace exec passwd to reset it.
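The earlier recommendation to move to public key authentication and turn password login back off can be scripted as below. This is an added example, not part of the Netsoc documentation: the function name harden_sshd and the sample files are assumptions for illustration, and it assumes your public key has already been copied into root's authorized_keys file.

```shell
#!/bin/sh
# Added example, not from the Netsoc docs: make root SSH login key-only again.
# Usage: harden_sshd <sshd_config> <authorized_keys>
# Returns 1 and leaves the config untouched when no public key is installed,
# so turning passwords off cannot lock you out of the webspace.
harden_sshd() {
    config=$1
    keys=$2

    # Lockout guard: need at least one non-comment line holding a public key.
    if ! grep -Ev '^[[:space:]]*#' "$keys" 2>/dev/null |
         grep -Eq '(ssh-ed25519|ssh-rsa|ecdsa-sha2-)[^[:space:]]*[[:space:]]+AAAA'; then
        echo "no public key in $keys; $config left unchanged" >&2
        return 1
    fi

    cp -p "$config" "$config.bak" || return 1
    tmp=$(mktemp) || return 1
    {
        # sshd uses the first value it reads for a keyword, so the two
        # settings go at the top, ahead of any Include or Match line.
        echo 'PermitRootLogin prohibit-password'
        echo 'PasswordAuthentication no'
        # Drop every older copy (active or commented) of both keywords.
        grep -Eiv '^[[:space:]]*#?[[:space:]]*(PermitRootLogin|PasswordAuthentication)[[:space:]]' \
            "$config" || true
    } > "$tmp"
    cat "$tmp" > "$config"   # overwrite in place, keeping owner and mode
    rm -f "$tmp"
}

# Demo on constructed files in a temp directory (nothing under /etc is touched).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#LoginGraceTime 2m' 'PermitRootLogin yes' '#StrictModes yes' \
        '#PasswordAuthentication yes' > "$dir/sshd_config"
    # Constructed placeholder key, not a real one.
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedExampleKey you@laptop' \
        > "$dir/authorized_keys"
    harden_sshd "$dir/sshd_config" "$dir/authorized_keys" && cat "$dir/sshd_config"
    rm -rf "$dir"
}
demo
```

Inside the webspace the real arguments would be /etc/ssh/sshd_config and /root/.ssh/authorized_keys; run sshd -t to check the file before systemctl reload sshd, and keep your current session open until a key-based login succeeds.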
Removing port forwards
You can remove a port forward by running netsoc webspace ports remove <external port>. To find the external port, use netsoc webspace ports.