As most professional programmers, we use Macs quite a lot in daily work. But did you know we can easily export our data to the Internet? Trusted people can access our laptop directly from anywhere. Keep in mind, this is definitely for temporary use. It could be SSH operations or various web services.
Here is a simple and complete guy to teach you how to do just that in 10 minutes. If you like it, share it.
Let’s say you’re working remotely and you need to share some of your work with your colleagues or clients. What would you do? Take screenshots with a lot of explanations? Start an EC2 instance, do the setup again, and migrate your current work there? That all takes money and time. A lot of extra time. Worse than that, it compromises our result. What if we could easily export our laptops directly to the audience?
Here, we just focus on Mac OS X, but the same technique would apply to all Linux boxes. Theoretically speaking, it would work for Ubuntu or CentOS with some minor changes.
Below, we try to:
- Export an SSH service from our mac laptop. Tech geeks are addicted to SSH, right?
- Export a web service. Here, we use Apache. It is installed by default in Mac OS X.
The main trick is the SSH reverse tunnel.
- A VM in a public cloud: We need a public IP to do the proxy. Don’t worry, the resource overhead is very small.
- Root access for the VM: We need this to configure SSHD, and/or iptables.
1. Configure Your Public VM
- Make sure the SSHD config file contains GatewayPorts clientspecified.
# mac: vim /etc/sshd_config # Ubuntu/CentOS: vim /etc/ssh/sshd_conf
- If the VM has iptables enabled, make sure it allows incoming traffic for port 40062 and 8088.
# Use ufw for Ubuntu env ufw allow 40062/tcp ufw allow 8088/tcp # Or use iptables directly iptables -A INPUT -i eth0 -p tcp --dport 40062 -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --dport 40062 -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 8088 -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --dport 8088 -j ACCEPT
We use 40062 to do the SSH reverse tunnel so that people can SSH to our laptop. As for web services, we start Apache in our laptop — it listens on port 80. Then, we set up port forwarding from 8088 to 80 in this VM.
For better security, only allow traffic from trusted source IP addresses.
2. Enable SSH Service in Your Laptop
For security concerns, Mac OS doesn’t enable ssh remote login. Let’s turn it on: System Preferences -> Sharing -> Remote Login. Then verify by "telnet localhost 22."
3. Start SSH Reverse Tunnel in Your Laptop
# Replace below with your VM's public IP export vm_ip=YOUR_VM_IP # Perform ssh reverse tunnel # Parameters: -R(reverse tunnel), -4(ipv4) # Here we choose 40062 to do the tunnel. ssh -4 -v -p 22 -fN \ -o "PubkeyAuthentication=yes" \ -o "StrictHostKeyChecking=false" \ -o "PasswordAuthentication=no" \ -o "ServerAliveInterval 60" \ -o "ServerAliveCountMax 3" \ -R $vm_ip:40062:localhost:22 root@$vm_ip # Verify connection telnet $vm_ip 40062
Showtime! Run this:
ssh -p 40062 root@$vm_ip from any machine. Input the root password of your laptop. Then people can SSH your laptop now!
4. Export Your Website to the Internet
We want to simulate exporting web services. Mac OS X preinstalls Apache.
Let’s start Apache in our laptop.
# Start apache service in mac sudo apachectl start # Verify apache works curl http://localhost
In VM, SSH tunnel from $vm_ip:8088 to port 80 in our laptop.
# ssh tunnel for port forwarding ssh -v -N -p 40062 -f root@$vm_ip \ -L *:8088:localhost:80 -n /bin/bash
In any other machines, visit http://$vm_ip:8088 in a web browser.
What if I Don’t Need it Anymore?
Simply kill the process in your laptop, which runs ssh reverse tunnel.
# Find pid in mac ps -ef | grep 40062 # Kill process. If it fails, use 'kill -9' kill $pid # Verify it's done ps -ef | grep 40062 telnet $vm_ip 40062
Use AutoSSH To Handle "SSH Connection Unstable"
Quite naturally, an SSH connection might break up in our laptop. Network turbulence or the computer goes to idle or hibernate.
AutoSSH: Automatically restart SSH sessions and tunnels. Let’s set up the auto connection with AutoSSH.
# Install autossh brew install autossh # Verify installation which autossh
To take effect, let’s make a small change in Step #2 of the SSH reverse tunnel.
ssh -4 -v -p 22 -fN \ -o "PubkeyAuthentication=yes" \ -o "StrictHostKeyChecking=false" \ -o "PasswordAuthentication=no" \ -o "ServerAliveInterval 60" \ -o "ServerAliveCountMax 3" \ -R $vm_ip:40062:localhost:22 root@$vm_ip
autossh -M 40063 -4 -v -p 22 -fN \ -o "PubkeyAuthentication=yes" \ -o "StrictHostKeyChecking=false" \ -o "PasswordAuthentication=no" \ -o "ServerAliveInterval 60" \ -o "ServerAliveCountMax 3" \ -R $vm_ip:40062:localhost:22 root@$vm_ip
Make sure your VM won’t block the traffic of port 40063. Let’s verify the change, by telnet $vm_ip 40062.
All good? Then congratulations, you're set!