
C[omp]ute

Welcome to my blog, which was once a mailing list of the same name and is still generated by mail. Please reply via the "comment" links.


© 2006-2017 Andrew Cooke (site) / post authors (content).

Reverse (Remote) SSH Tunnel With Free Amazon EC2

From: andrew cooke <andrew@...>

Date: Fri, 22 Apr 2011 18:07:26 -0300

My latest cable connection does everything in one small box that also works as
a router and WiFi.  That makes it very simple to use, but it has custom
firmware with minimal configuration, which means that I cannot accept any
incoming connections.

This is a nuisance if I am away from home, as I have no way to connect to my
computer(s) to do things like read email.

The obvious solution is to use ssh to open a remote tunnel on another machine
and then connect through there.  But my web site is on a virtual host, which
means that I cannot open ports "at random".  And work's computers are behind a
mess of firewalls that I don't fully understand (and also, I don't really want
to rely on work for non-work activities).

So today I configured an Amazon micro instance to do the work for me.  It
wasn't so complicated, and is free for a year.  Here's what I did:

 1 - Sign up with Amazon.  I didn't really understand what I was doing but it
 turns out that you don't need to - it's pretty much idiot proof.  You can use
 your existing Amazon account, but you need to supply credit card details and
 then reply to an automated phone call verification.  If it helps, what you
 want is "EC2" (you don't need to specify any details at this stage).

 2 - Start a "micro" EC2 instance.  Once you sign up you can get access to a
 web console.  There you can choose from a variety of different machine
 configurations.  I went to the "community" selection and chose a recent
 (11.4) OpenSuse (the "Suse" options on the initial list are not free).  For
 free, you want a yellow star next to the machine.  At some point in this
 process you get to download a key file, which you should save to your ~/.ssh
 directory (I'm assuming you're running Linux at home and at Amazon).

 3 - Once you have an instance started, fiddle with the "security group" in
 the web console.  This is basically a firewall.  Enable ports 22 and 2222
 (the latter will be the remote port for tunnelling through to home).  You
 don't need to restart the instance when you change the security group
 settings (but do check "Apply Rule Changes").

 4 - Connect to your instance using ssh.  The easiest way to do this is to
 modify ~/.ssh/config so it contains:

host *.amazonaws.com ssh.example.com
     user root
     StrictHostKeyChecking no
     UserKnownHostsFile /dev/null
     CheckHostIP no
     IdentityFile ~/.ssh/amazon-key.pem

  where amazon-key.pem is the file you downloaded at some point (also, make
  sure that has 600 access permissions).  Once you have that in config you can
  just use "ssh blah-blah.amazonaws.com" where blah-blah is the "public DNS"
  of your instance (see the web console).  At this point you are already the
  proud owner of a little virtual computer....

  5 - Next, you need to associate your virtual computer with a real, permanent
  address.  Amazon has a service for this, called "Elastic IPs" (on the left
  of the web console).  Click that and after a few more clicks you'll have a
  permanent numeric address (which is quite something given that IPv4 is
  exhausted).

  6 - Optional, I guess, you can associate a DNS name with that IP address.
  Amazon doesn't do this, but your local DNS registrar or web host will.  In my
  case I created a new subdomain at webfaction.com and then pointed that at
  the EC2 instance.  This name should then be the "ssh.example.com" in the
  config file above.

  7 - On the instance, change the config to allow the SSH tunnel to bind
  correctly.  Go to /etc/ssh and edit sshd_config (IMPORTANT - this is not
  ssh_config, it's sshd_config, with a "d" - I wasted an hour here...).
  Uncomment the GatewayPorts line and set it to "yes" or "clientspecified"
  then restart sshd.

  8 - Back on your home machine, you can now create the tunnel:

ssh -fN2R 0.0.0.0:2222:localhost:22 ssh.example.com

  where "0.0.0.0" is the binding on EC2 (all NICs), 2222 is the port on EC2
  (what you will connect to), localhost is where that will be tunneled to
  locally, 22 is the local (ssh) port.  So connecting to port 2222 on your EC2
  instance (now configured as ssh.example.com, or using the numeric "public IP"
  address) will log you in to your own computer.  Sweet.

  9 - To make this permanent, install autossh locally (eg with Yast).  Then
  configure root with the key file and config in root's .ssh directory.  As
  root you can then run:

autossh -f -M 2223 -N -R 0.0.0.0:2222:localhost:22 ssh.example.com

  (after killing the one you started as yourself earlier).  Even better, you
  can make a little script in /etc/init.d (or add the line above to rc.local
  if you're using anything other than OpenSuse) and this will start when your
  local machine starts.

And that's it.  "ssh -p 2222 ssh.example.com" will connect you to your home
computer, for free, from outside, via Amazon.

Andrew
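
The client config in step 4 sets StrictHostKeyChecking no and
UserKnownHostsFile /dev/null, so ssh never verifies the EC2 host's key; once
steps 5 and 6 give the instance a fixed name, that key can be pinned instead.
The following is an added example, not part of the original post: a small
audit that flags those options per Host block.  The sample configs are
constructed and ~/.ssh/known_hosts_ec2 is an assumed file name.

```shell
# Added example, not from the original post. Reads an ssh_config on stdin,
# prints "<Host patterns>: <option> <value>" per finding, returns 1 if any.
audit_ssh_config() {
    awk '
    BEGIN { scope = "(global)"; found = 0 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    {
        sub(/^[ \t]+/, "")                 # options are usually indented
        sub(/[ \t]*=[ \t]*/, " ")          # "Key=value" is legal too
        key = tolower($1); val = $2
        if (key == "host" || key == "match") {
            scope = $0; sub(/^[^ \t]+[ \t]+/, "", scope)
            next
        }
        if (key == "stricthostkeychecking" && tolower(val) ~ /^(no|off)$/) {
            print scope ": StrictHostKeyChecking " val; found = 1
        }
        if (key == "userknownhostsfile" && val == "/dev/null") {
            print scope ": UserKnownHostsFile " val; found = 1
        }
    }
    END { exit found }
    '
}

# Constructed sample 1: the client config from step 4 of the post.
weak_config() {
    cat <<'EOF'
host *.amazonaws.com ssh.example.com
     user root
     StrictHostKeyChecking no
     UserKnownHostsFile /dev/null
     CheckHostIP no
     IdentityFile ~/.ssh/amazon-key.pem
EOF
}
# Constructed sample 2: verification left on; assumes the instance host key
# was saved to ~/.ssh/known_hosts_ec2 (hypothetical file name).
pinned_config() {
    cat <<'EOF'
Host ssh.example.com
     User root
     StrictHostKeyChecking yes
     UserKnownHostsFile ~/.ssh/known_hosts_ec2
     IdentityFile ~/.ssh/amazon-key.pem
EOF
}

echo "step 4 config:";  weak_config   | audit_ssh_config || true
echo "pinned variant:"; pinned_config | audit_ssh_config && echo "(clean)"
```

Run it against a real file with "audit_ssh_config < ~/.ssh/config"; root's
copy from step 9 is worth checking too, since autossh reconnects unattended.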

Security Group

From: Pablo Cantero <pablo@...>

Date: Fri, 27 Jul 2012 16:42:16 -0300

Hey Andrew, great post!

In this part

Enable ports 22 and 2222


Actually, you need to enable only the port 2222, the port 22 is not
necessary.

Cheers,
Pablo Cantero

Alternatives

From: andrew cooke <andrew@...>

Date: Mon, 30 Jul 2012 09:06:57 -0400

See also http://news.ycombinator.com/item?id=4311622 which currently lists:

http://progrium.com/localtunnel/
http://pagekite.net/
https://showoff.io/
http://xip.io/
http://proxylocal.com/

Some appear to support ssh (others are just HTTP?) and some appear to be free.

Andrew
