dashed-slug.net › Forums › General discussion › SSH Tunneling
Tagged: SSH Tunnel, Stunnel
- This topic has 8 replies, 2 voices, and was last updated 7 years ago by
alexg.
-
AuthorPosts
-
March 23, 2018 at 1:59 pm #2697
Anonymous
InactiveHi Alex,
Of course this is out of scope, still thought to mention and check with you. Followed article at https://www.digitalocean.com/community/tutorials/how-to-encrypt-traffic-to-redis-with-stunnel-on-ubuntu-16-04 and could communicate between servers on SSH tunnel. Daemon also starts and run perfectly after enabling SSL but could not communicate through plugin. I am sure, i must be missing something… Any clue?
Thanks
March 23, 2018 at 5:13 pm #2702Anonymous
InactiveDoes this work if i don’t use stunnel service? Remote port forward? was checking on following https://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html
March 23, 2018 at 7:18 pm #2703Anonymous
InactiveAlex,
Successfully connected thru SSH Tunnel port forwarding to plugin site. Worked perfectly, now plugin uses 127.0.0.1 to connect daemon running on remote server.
March 24, 2018 at 3:34 am #2707Anonymous
InactiveSo here we go.. first time i got introduced to SSH Tunnel. Connected successfully.
following is the commandssh -R server2:port:localhost:port root@server2
The challenge is how to keep tunnel alive.March 24, 2018 at 6:54 am #2708alexg
KeymasterHi, good to hear you got it working.
I intend to add instructions in the documentation at some point, so thank you for sharing the command.
As for keeping the tunnel alive, it seems the best practice is to use
autossh
:March 24, 2018 at 8:11 am #2712Anonymous
InactiveAlex,
There is more to it … earlier mentioned command terminates after a while, and it’s not possible to monitor it all the time until a service is created to take care of it. So following is what is needed to be done
https://gist.github.com/sanludhi/c2477758d37ff1557d0819f88492a7ca
When port is forwarded to the plugin, IP for the daemon would be 127.0.0.1 and no need to mention rpcallowip=x.x.x.x. in the coin.conf.
NOTE: Need not to install Stunnel service
Thanks
March 24, 2018 at 9:12 am #2714Anonymous
InactiveI mean no need to mention rpcallowip=externalip
March 24, 2018 at 10:18 am #2716Anonymous
InactiveUpdated link https://github.com/sanludhi/ssh-tunnel
March 26, 2018 at 5:35 am #2719alexg
KeymasterThank you very much for sharing all of this info. Setting up a service is the best option as you said.
Once I try this out myself I will add to the documentation.
It makes sense that when you set up a tunnel you need to connect to localhost instead of the remote IP.
best regards
-
AuthorPosts
- You must be logged in to reply to this topic.