parro-it / open-ssh-tunnel

Easy ssh2 tunneling
MIT License

Better explanation of config #4

Closed rodic closed 7 years ago

rodic commented 7 years ago

I would be very thankful if someone could take a couple of minutes and provide a better explanation of what srcIp and srcAddr are.

In a scenario where I have to make a tunnel in order to access mongodb on a remote host, if I'm not mistaken, the configs should be:

host - remote server where mongo runs

username & password | privateKey - ssh creds

destPort & destAddr - mongo port and ip (relative to the host) - 27017 & localhost.

localPort & localAddr - port on my local machine I want to bind to 27017 - 4000 & localhost, not sure why I have to provide localAddr though.

Code I have atm works with

srcAddr: '',
srcPort: null,

but I would appreciate an explanation of what they are and whether I am missing something important.

parro-it commented 7 years ago

> localPort & localAddr - port on my local machine i want to bind to 27017 - 4000 & localhost, not sure why i have to provide localAddr though.

You have to provide localAddr when you need to make the tunnel visible to other hosts in your LAN. To do so, you should provide e.g. the IP of a network card on your local machine.

I try to describe this use case with a diagram:

╭───────────────╮      ╭─────────────────╮      ╭─────────╮      ╭─────────╮
│ Mongo         │      │ open-ssh-tunnel │      │ SSH     │      │ Mongo   │
│ client        │ <--> │                 │ <--> │ server  │ <--> │ server  │
│ 192.168.1.1   │      │ 192.168.1.2     │      │ 10.0.0.2│      │ 10.0.0.1│
│               │      │                 │      │         │      │         │
╰───────────────╯      ╰─────────────────╯      ╰─────────╯      ╰─────────╯

Options to implement this use case are:

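{
    destPort: 27017,           // Mongo server port
    destAddr: '10.0.0.1',      // Mongo server address, as seen from the SSH server
    host: '10.0.0.2',          // SSH server
    port: 22,
    localAddr: '192.168.1.2',  // local interface the tunnel listens on
    localPort: 27018,          // local port the tunnel listens on
    srcAddr: '192.168.1.1',    // address of the client connecting to the tunnel
    srcPort: 27019
}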

srcAddr & srcPort, when provided, should be the network address of a client host connecting to your SSH tunnel local endpoint. They are forwarded to the SSH server, which could provide them, if needed, to the remote TCP server.

If you don't need them, then you can provide any value for the arguments.

tunnels is an Electron app that implements your use case: it manages SSH tunnels to connect to remote services running on the same machine as the SSH server.

You can see there, in this module, how I abstracted the call to open-ssh-tunnel to simplify the arguments.
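
As an added example (not code from open-ssh-tunnel or from this thread), a pre-flight check for the options discussed above: it catches an address and a port given in each other's place and flags a `localAddr` that makes the tunnel reachable beyond loopback. `checkTunnelOptions` and its defaults are hypothetical; only the option names come from the thread.

```javascript
// Added example: checkTunnelOptions is a hypothetical helper, not part of
// open-ssh-tunnel. Only the option names are taken from the thread above.
const isPort = (v) => Number.isInteger(v) && v >= 1 && v <= 65535;
const isLoopback = (a) =>
  a === 'localhost' || a === '::1' || /^127(\.\d{1,3}){3}$/.test(a);

function checkTunnelOptions(opts) {
  // Assumed defaults: SSH on 22, listen on loopback only, placeholder source.
  const options = {
    port: 22, localAddr: '127.0.0.1', srcAddr: '127.0.0.1', srcPort: 0, ...opts,
  };
  const errors = [];
  const warnings = [];
  // Every endpoint is an (address, port) pair; catch swapped or mistyped values.
  const pairs = [['host', 'port'], ['destAddr', 'destPort'], ['localAddr', 'localPort']];
  for (const [addrKey, portKey] of pairs) {
    if (typeof options[addrKey] !== 'string' || options[addrKey] === '') {
      errors.push(`${addrKey} must be a non-empty address string`);
    }
    if (!isPort(options[portKey])) {
      errors.push(`${portKey} must be an integer between 1 and 65535`);
    }
  }
  // The SSH credentials protect the SSH session, not the local listener: any
  // host that can reach localAddr:localPort gets forwarded to destAddr:destPort.
  if (typeof options.localAddr === 'string' && options.localAddr !== '' &&
      !isLoopback(options.localAddr)) {
    warnings.push(`localAddr ${options.localAddr} is not loopback; ` +
      'restrict localPort with a host firewall or bind to 127.0.0.1');
  }
  return { options, errors, warnings };
}

// Constructed inputs using the addresses from the diagram above.
const base = { host: '10.0.0.2', destAddr: '10.0.0.1', destPort: 27017 };
const swapped = checkTunnelOptions({ ...base, localAddr: 27018, localPort: '192.168.1.2' });
const lanVisible = checkTunnelOptions({ ...base, localAddr: '192.168.1.2', localPort: 27018 });
const loopbackOnly = checkTunnelOptions({ ...base, localPort: 4000 });
console.log(swapped.errors);
console.log(lanVisible.warnings);
console.log(loopbackOnly.errors.length, loopbackOnly.warnings.length);
```
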

rodic commented 7 years ago

Thanks a lot, @parro-it. Think you could add this to the README, maybe.

parro-it commented 7 years ago

> Thanks a lot, @parro-it. Think you could add this to the README, maybe.

You're welcome, @Rodic. Would you mind making a PR to add it?

rodic commented 7 years ago

@parro-it not at all. will do it either tonight or tomorrow.

parro-it commented 7 years ago

Thank you! :smile: