Demystifying SSH Tunneling: A Beginner's Guide


What is SSH?

SSH, which stands for Secure Shell, is a cryptographic network protocol that allows secure communication between two computers. SSH is commonly used to control a machine remotely, for example when managing infrastructure.

What is SSH Tunneling?

SSH Tunneling, also known as port forwarding, is a method of securely transmitting data between two machines. In simple words, it is a method of forwarding data packets from one machine to another. For example, Gary may send a message to Altair, who in turn passes it to Ezio.
Similarly, port forwarding takes data packets originally intended for a specific IP address and port on one machine and reroutes them to a different IP address and port on another machine.
SSH Tunneling creates an encrypted channel between the machines. This channel can be used to transmit data, bypass firewalls, and access services securely.

What is SSH used for?

  • Remotely managing server(s), infrastructure.

  • Securely transferring files.

  • Accessing services in the cloud without exposing a local machine's ports to the Internet.

  • Bypassing firewall restrictions.

Example

Problem

Application-A, deployed on an AWS EC2 instance, was using ElastiCache. Another application, Application-B, deployed on a GCP VM, needed to access the same ElastiCache instance.
By design, ElastiCache instances are not reachable from outside the VPC in which they were created. They are started in the VPC's internal subnets, so ElastiCache is only accessible to applications deployed in that same VPC.

Solution?

There are several possible solutions; which one to choose depends on the use case. For this article, we will go with SSH Tunneling.

  • Step 1: Generate SSH Key Pair:
    If you don't have an SSH key pair, generate one using the ssh-keygen command.

  • Step 2: Configure AWS ElastiCache Security Group:
    Ensure that your AWS ElastiCache Redis instance's security group allows incoming connections on the desired port (default is 6379) from the EC2 instance that the tunnel will pass through.

  • Step 3: Establish SSH Connection (run this on the GCP VM):

ssh -i /path/to/your/private-key.pem -L 6379:your-redis-endpoint.amazonaws.com:6379 ec2-user@your-ec2-instance.amazonaws.com -N

    -L forwards local port 6379 through the EC2 instance to the Redis endpoint, and -N opens no remote shell, only the forward. Application-B can then connect to localhost:6379 as if Redis were running on the GCP VM.
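The following script is an added example and not part of the original article: it wraps the same ssh -L command in a small bash script that binds the forwarded port to loopback only, makes ssh fail instead of silently running without the forward, validates the ports, and checks the tunnel with redis-cli before handing it to the application. All hostnames, key paths and the functions themselves are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example, not the article's own code. Hostnames/paths are placeholders.

# build_tunnel_cmd KEY LOCAL_PORT REMOTE_HOST REMOTE_PORT BASTION
# Prints the ssh command line to run. -N: no remote shell, only the forward.
# Binding to 127.0.0.1 stops other hosts on the GCP VM's network from using the
# tunnel; ExitOnForwardFailure makes ssh exit (instead of sitting there with no
# forward) when e.g. the local port is already in use.
build_tunnel_cmd() {
  local key="$1" lport="$2" rhost="$3" rport="$4" bastion="$5"
  printf 'ssh -i %s -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -L 127.0.0.1:%s:%s:%s %s\n' \
    "$key" "$lport" "$rhost" "$rport" "$bastion"
}

# valid_port N: succeeds if N is an integer in 1..65535
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_up LOCAL_PORT: succeeds if something listens on 127.0.0.1:LOCAL_PORT
tunnel_up() {
  ss -ltn 2>/dev/null | grep -q "127\.0\.0\.1:$1[[:space:]]"
}

# Only start a real tunnel when called with all five arguments, so the
# functions above can be sourced and exercised without any network access.
if [ "$#" -eq 5 ]; then
  valid_port "$2" && valid_port "$4" || { echo "invalid port" >&2; exit 2; }
  cmd="$(build_tunnel_cmd "$@")"
  echo "starting: $cmd"
  eval "$cmd" &           # background ssh; the forward stays up until killed
  sleep 2
  tunnel_up "$2" && redis-cli -h 127.0.0.1 -p "$2" ping
fi
```

Invoke it as `./tunnel.sh /path/to/key.pem 6379 your-redis-endpoint.amazonaws.com 6379 ec2-user@your-ec2-instance.amazonaws.com`; a PONG from redis-cli confirms the path through the EC2 instance works before Application-B is pointed at localhost:6379.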

Conclusion

In a nutshell, SSH tunneling is like creating a secret tunnel between your computer and another one. It ensures that the information you send and receive is protected from prying eyes, allowing you to securely access services and resources on a remote machine as if they were right there with you. It’s your digital key to a private, encrypted pathway on the internet.