Securely Forward Service on Private Network to Client on Another Private Network
I have two computers on private networks and a VPS, all running Linux. I would like to be able to make a secure tunnel between the two computers so that one can securely access services hosted by the other.
I have tried looking at other solutions, but as far as I can tell they do not create a 'seamless' and secure tunnel between the two computers because one has to ssh into a VPS then ssh into the second computer from there after reverse forwarding it to the VPS, or they only work for SSH and don't allow forwarding other applications. This doesn't allow me to access the interface directly from the first computer as far as I know.
Let us call these the Remote Computer, VPS, and Local Computer.
* Remote Computer: Hosts Services (Spice Server)
* VPS: Forwards Services
* Local Computer: Accesses Services
```
 ________________     _____     _________________
|                |   |     |   |                 |
| Local Computer |   | VPS |   | Remote Computer |
|________________|   |_____|   |_________________|
( = Secure SSH Tunnel)
```
I tried using SSH, but could not figure out how to do it securely. One of the services I am trying to forward is a Spice server and I did so by setting `GatewayPorts` to `yes` in `/etc/ssh/sshd_config` on the VPS and running the command `ssh -R 55667:localhost:5900 user@VPS_IP` on the Remote Computer, which allowed me to access the spice server by running `remote-viewer spice://VPS_IP:55667` on the Local Computer. That, of course, wasn't very secure though.
A second solution I am considering is to use the following commands to try to make a secure connection:
```
# Remote Computer
ssh -R 55667:localhost:5900 user@VPS_IP
# Local Computer
ssh -L 55667:localhost:55667 user@VPS_IP
remote-viewer spice://localhost:55667
```
For this `GatewayPorts` was enabled in `/etc/ssh/sshd_config`. I should also note that the spice server allows for one to set a password, though I'm pretty sure it doesn't encrypt anything and I am unsure about its ability to protect the VM against attackers. This solution works, or at least I was able to access the spice server using the last command, but it still leaves the server accessible for people to do things like attempt to brute force the password for the spice server.
Will the last example create a secure connection between the Local Computer and Remote Computer? If not, is there a simple way to make a secure tunnel using something like SSH between the two computers so that I could, for example, run `remote-viewer spice://localhost:55667` on the Local Computer, to access the spice server on the Remote Computer?
Thank you in advance, and please let me know if there is any other information about the question I should provide!
Asked by Graham H
(1 rep)
Aug 26, 2022, 09:41 PM
Last activity: Aug 26, 2022, 09:42 PM
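
A check for the VPS in the setup described in the question, as an added example that is not part of the original post: it reports whether the `-R` listener on port 55667 is bound to loopback only or to every interface, and reads the effective `GatewayPorts` value. The function names and the sample `ss -tln` and `sshd_config` text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an SSH relay (VPS). All sample data below is constructed.

# Effective GatewayPorts value from sshd_config text on stdin. sshd keeps the
# first value it reads for a keyword and defaults to "no", which binds -R
# listeners to loopback. Simplification: Match/Include are not evaluated.
gatewayports_value() {
    awk '{ sub(/=/, " ") }
         tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }'
}

# Classify how PORT is bound, given `ss -tln` output on stdin:
# "loopback-only", "exposed" (any non-loopback bind) or "not-listening".
forward_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")          # port follows the last colon
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            seen = 1
            if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
        }
        END {
            if (!seen) print "not-listening"
            else if (exposed) print "exposed"
            else print "loopback-only"
        }'
}

# Constructed `ss -tln` output on the VPS with GatewayPorts yes ...
SS_GATEWAY_YES='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:55667      0.0.0.0:*
LISTEN 0      128    [::]:55667         [::]:*'

# ... and with the default GatewayPorts no.
SS_GATEWAY_NO='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:55667    0.0.0.0:*
LISTEN 0      128    [::1]:55667        [::]:*'

printf '%s\n' "$SS_GATEWAY_YES" | forward_exposure 55667
printf '%s\n' "$SS_GATEWAY_NO"  | forward_exposure 55667
printf 'Port 22\nGatewayPorts yes\n' | gatewayports_value
```

On a live VPS, `ss -tln | forward_exposure 55667` and `sshd -T | gatewayports_value` (run as root) give the real answers. A `loopback-only` result still works with the `ssh -L 55667:localhost:55667` step from the question, because that connection reaches the forward from the VPS's own loopback interface.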