| Andrew Cooke | Contents | Latest | RSS | Twitter | Previous | Next

C[omp]ute

Welcome to my blog, which was once a mailing list of the same name and is still generated by mail. Please reply via the "comment" links.

Always interested in offers/projects/new ideas. Eclectic experience in fields like: numerical computing; Python web; Java enterprise; functional languages; GPGPU; SQL databases; etc. Based in Santiago, Chile; telecommute worldwide. CV; email.

Personal Projects

Lepl parser for Python.

Colorless Green.

Photography around Santiago.

SVG experiment.

Professional Portfolio

Calibration of seismometers.

Data access via web services.

Cache rewrite.

Extending OpenSSH.

C-ORM: docs, API.

Last 100 entries

Textbook for "QM as complex probabilities"; SFO Get Libor Trader (14 years); Why Are There Still So Many Jobs?; Navier Stokes Incomplete; More on Benford; FBI Claimed Vandalism; Architectural Tessellation; Also: Go, Blake's 7; Delusions of Gender (book); Crypto AG DID work with NSA / GCHQ; UNUMS (Universal Number Format); MOOCs (Massive Open Online Courses); Interesting Looking Game; Euler's Theorem for Polynomials; Weeks 3-6; Reddit Comment; Differential Cryptanalysis For Dummies; Japanese Graphic Design; Books To Be Re-Read; And Today I Learned Bugs Need Clear Examples; Factoring a 67 bit prime in your head; Islamic Geometric Art; Useful Julia Backtraces from Tasks; Nothing, however, is lost with less discomfort than that which, when lost, cannot be missed; Article on Didion; Cost of Living by City; British Slavery; Derrida on Metaphor; African SciFi; Traits in Julia; Alternative Japanese Lit; Pulic Key as Address (Snow); Why Information Grows; The Blindness Of The Chilean Elite; Some Victoriagate Links; This Is Why I Left StackOverflow; New TLS Implementation; Maths for Physicists; How I Am 8; 1000 Word Philosophy; Cyberpunk Reading List; Detailed Discussion of Message Dispatch in ParserCombinator Library for Julia; FizzBuzz in Julia w Dependent Types; kokko - Design Shop in Osaka; Summary of Greece, Currently; LLVM and GPUs; See Also; Schoolgirl Groyps (Maths); Japanese Lit; Another Example - Modular Arithmetic; Music from United; Python 2 and 3 compatible alternative.; Read Agatha Christie for the Plot; A Constructive Look at TempleOS; Music Thread w Many Recommendations; Fixed Version; A Useful Julia Macro To Define Equality And Hash; k3b cdrom access, OpenSuse 13.1; Week 2; From outside, the UK looks less than stellar; Huge Fonts in VirtualBox; Keen - Complex Emergencies; The Fallen of World War II; Some Spanish Fiction; Calling C From Fortran 95; Bjork DJ Set; Z3 Example With Python; Week 1; Useful Guide To Starting With IJulia; UK Election + Media; Review: Reinventing Organizations; Inline Assembly With Julia / LLVM; Against the definition of types; Dumb Crypto Paper; The Search For Quasi-Periodicity...; Is There An Alternative To Processing?; CARDIAC (CARDboard Illustrative Aid to Computation); The Bolivian Case Against Chile At The Hague; Clear, Cogent Economic Arguments For Immigration; A Program To Say If I Am Working; Decent Cards For Ill People; New Photo; Luksic And Barrick Gold; President Bachelet's Speech; Baltimore Primer; libxml2 Parsing Stream; configure.ac Recipe For Library Path; The Davalos Affair For Idiots; Not The Onion: Google Fireside Chat w Kissinger; Bicycle Wheels, Inertia, and Energy; Another Tax Fraud; Google's Borg; A Verion That Redirects To Local HTTP Server; Spanish Accents For Idiots; Aluminium Cans; Advice on Spray Painting; Female View of Online Chat From a Male; UX Reading List; S4 Subgroups - Geometric Interpretation; Fucking Email; The SQM Affair For Idiots

© 2006-2015 Andrew Cooke (site) / post authors (content).

Reverse (Remote) SSH Tunnel With Free Amazon EC2

From: andrew cooke <andrew@...>

Date: Fri, 22 Apr 2011 18:07:26 -0300

My latest cable connection does everything in one small box that also works as
a router and WiFi.  That makes it very simple to use, but it has custom
firmware with minimal configuration, which means that I cannot accept any
incoming connections.

This is a nuisance if I am away from home, as I have no way to connect to my
computer(s) to do things like read email.

The obvious solution is to use ssh to open a remote tunnel on another machine
and then connect through there.  But my web site is on a virtual host, which
means that I cannot open ports "at random".  And work's computers are behind a
mess of firewalls that I don't fully understand (and also, I don't really want
to rely on work for non-work activities).

So today I configured an Amazon micro instance to do the work for me.  It
wasn't so complicated, and is free for a year.  Here's what I did:

 1 - Sign up with Amazon.  I didn't really understand what I was doing but it
 turns out that you don't need to - it's pretty much idiot proof.  You can use
 your existing Amazon account, but you need to supply credit card details and
 then reply to an automated phone call verification.  If it helps, what you
 want is "EC2" (you don't need to specify any details at this stage).

 2 - Start a "micro" EC2 instance.  Once you sign up you can get access to a
 web console.  There you can choose from a variety of different machine
 configurations.  I went to the "community" selection and chose a recent
 (11.4) OpenSuse (the "Suse" option on the initial list are not free).  For
 free, you want a yellow star next to the machine.  At some point in this
 process you get to download a key file, which you should save to your ~/.ssh
 directory (I'm assuming you're running Linux at home and at Amazon).

 3 - Once you have an instance started, fiddle with the "security group" in
 the web console.  This is basically a firewall.  Enable ports 22 and 2222
 (the latter will be the remote port for tunnelling through to home).  You
 don't need to restart the instance when you change the security group
 settings (but do check "Apply Rule Changes").

 4 - Connect to your instance using ssh.  The easiest way to do this is to
 modify ~/.ssh/config so it contains:

host *.amazonaws.com ssh.example.com
     user root
     StrictHostKeyChecking no
     UserKnownHostsFile /dev/null
     CheckHostIP no
     IdentityFile ~/.ssh/amazon-key.pem

  where amazon-key.pem is the file you downloaded at some point (also, make
  sure that has 600 access permissions).  Once you have that in config you can
  just use "ssh blah-blah.amazonaws.com" where blah-blah is the "public DNS"
  of your instance (see the web console).  At this point you already the proud
  owner of a little virtual computer....

  5 - Next, you need to associate your virtual computer with a real, permanent
  address.  Amazon has a service for this, called "Elastic IPs" (on the left
  of the web console).  Click that and after a few more clicks you'll have a
  permanent numeric address (which is quite something given that IPv4 is
  exhausted).

  6 - Optional, I guess, you can associate a DNS name with that IP address.
  Amazon doesn't do this, but your local DNS register or web host will.  In my
  case I created a new subdomain at webfaction.com and then pointed that at
  the EC2 instance.  This name should then be the "ssh.example.com" in the
  config file above.

  7 - On the instance, change the config to allow the SSH tunnel to bind
  correctly.  Go to /etc/ssh and edit sshd_config (IMPORTANT - this is not
  ssh_config, it's sshd_config, with a "d" - I wasted an hour here...).
  Uncomment the GatewayPorts line and set it to "yes" or "clientspecified"
  then restart sshd.

  8 - Back on your home machine, you can now create the tunnel:

ssh -fN2R 0.0.0.0:2222:localhost:22 ssh.example.com

  where "0.0.0.0" is the binding on EC2 (all NICs), 2222 is the port on EC2
  (what you will connect to), localhost is where that will be tunneled to
  locally, 22 is the local (ssh) port.  So connecting to port 2222 on your EC2
  example (now configured as ssh.example.com, or using the numeric "public IP"
  address) will log you in to your own computer.  Sweet.

  9 - To make this permanent, install autossh locally (eg with Yast).  Then
  configure root with the key file and config in root's .ssh directory.  As
  root you can then run:

autossh -f -M 2223 -N -R 0.0.0.0:2222:localhost:22 ssh.example.com

  (after killing the one you started as yourself earlier).  Even better, you
  can make a little script in /etc/init.d (or add the line above to rc.local
  if you're using anything other than OpenSuse) and this will start when your
  local machine starts.

And that's it.  "ssh -p 2222 ssh.example.com" will connect you to your home
computer, for free, from outside, via Amazon.

Andrew

Security Group

From: Pablo Cantero <pablo@...>

Date: Fri, 27 Jul 2012 16:42:16 -0300

Hey Andrew, great post!

In this part

Enable ports 22 and 2222


Actually, you need to enable only the port 2222, the port 22 is not
necessary.

Cheers,
Pablo Cantero

Alternatives

From: andrew cooke <andrew@...>

Date: Mon, 30 Jul 2012 09:06:57 -0400

See also http://news.ycombinator.com/item?id=4311622 which currently lists:

http://progrium.com/localtunnel/
http://pagekite.net/
https://showoff.io/
http://xip.io/
http://proxylocal.com/

Some appear to support ssh (others are just HTTP?) and some appear to be free.

Andrew

Comment on this post