First off, I didn’t want to simply forward port 22 on my firewall to my local machine as I didn’t want to completely expose it to the net. I have a number of hardened Internet servers that are completely exposed (for ssh connections, that is) and sufficiently locked down that I felt comfortable configuring my network to only allow ssh connections from a specific server. What I did there was specify firewall rules to only allow connections on port 22 from a specific machine and then forward those connections to my machine behind the firewall. I’ll leave the details of that as an exercise for the reader (or a future article).
Once that was set up, I could now set up an SSH tunnel on the trusted Internet server to my machine behind my firewall. To do that, login to your server and enter the following command:
ssh -N -L234.234.234.234:8888:121.121.121.121:22 username@234.234.234.234
Where:
- 234.234.234.234 ip address of the local machine
- 8888 is the port on the local machine that is accepting the ssh connection that you are tunneling
- 121.121.121.121 is the ip address of the firewall (destination ip for the other end of the tunnel)
- username@234.234.234.234 is a valid user name on the local box that is accepting and forwarding the connection
Run the command, you will now be forwarding ssh connections on port 8888 on your Internet server to your local machines firewall. I added that command to a shell script that I could run. When I was through with it, just CTRL-C and it kills the tunnel.
Now the Subversion part on the Windows client:
I had initially set up Subversion to use password-less ssh keys but decided that I wanted to use the interactive password instead. I had installed TortoiseSVN, so that included Tortoiseplink. In this case, I simply added a tunnels entry into the conf as such:
customssh = Tortoiseplink -P 8888
With that entered, my tunnel set up, I could now connect with the following:
svn+customssh:/username@234.234.234.234/path/to/repository local_dir_for_files
This’ll enable you to access your repository from anywhere with your password.
I’ve got a Subversion repository on my machine at my office, and it became clear that it would be really nice if I could access it from anywhere on the net. It was also clear that it needed to be with an interactive password, and not using ssh keys as I did not want leave ssh keys on untrusted machines.
Click on Read More for the full explanation of how I put it together. First off, I didn’t want to simply forward port 22 on my firewall to my local machine as I didn’t want to completely expose it to the net. I have a number of hardened Internet servers that are completely exposed (for ssh connections, that is) and sufficiently locked down that I felt comfortable configuring my network to only allow ssh connections from a specific server. What I did there was specify firewall rules to only allow connections on port 22 from a specific machine and then forward those connections to my machine behind the firewall. I’ll leave the details of that as an exercise for the reader (or a future article).
Once that was set up, I could now set up an SSH tunnel on the trusted Internet server to my machine behind my firewall. To do that, login to your server and enter the following command:
ssh -N -L234.234.234.234:8888:121.121.121.121:22 username@234.234.234.234
Where:
- 234.234.234.234 ip address of the local machine
- 8888 is the port on the local machine that is accepting the ssh connection that you are tunneling
- 121.121.121.121 is the ip address of the firewall (destination ip for the other end of the tunnel)
- username@234.234.234.234 is a valid user name on the local box that is accepting and forwarding the connection
Run the command, you will now be forwarding ssh connections on port 8888 on your Internet server to your local machines firewall. I added that command to a shell script that I could run. When I was through with it, just CTRL-C and it kills the tunnel.
Now the Subversion part on the Windows client:
I had initially set up Subversion to use password-less ssh keys but decided that I wanted to use the interactive password instead. I had installed TortoiseSVN, so that included Tortoiseplink. In this case, I simply added a tunnels entry into the conf as such:
customssh = Tortoiseplink -P 8888
With that entered, my tunnel set up, I could now connect with the following:
svn+customssh:/username@234.234.234.234/path/to/repository local_dir_for_files
This’ll enable you to access your repository from anywhere with your password.