SSH port forwarding

SSH port forwarding can be used as a simple hacky way to get traffic from a server on the internet without having to open ports on my home internet connection. It uses ssh as well so it's normally always available on linux somewhere.

e.g.: ssh -R 8080:localhost:8080 -i /path/to/key user@123.45.6.78

This will connect to remote the server 123.45.6.78, and pass traffic from that remote server's 8080, and forward it back to my localhost:8080.

To expose that to the web, on the remote server, I can run caddy or nginx to pass traffic to 127.0.0.1:8080 and it'll back over the tunnel to my home network..

I've used a package called "autossh" in the past which periodically checks and refreshes the tunnel, but on setting up this again recently, stumbled across Is autossh redundant with systemd on stackoverflow.

Top answer has this helpful looking systemd config which I'm going to try using:

[Unit]
Description=autossh
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
ExecStart=
ExecStart=/usr/bin/ssh -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o ExitOnForwardFailure=yes -R8023:localhost:22 sshtunnel@[address of my server] -N -p 22 -i /root/.ssh/id_rsa_insecure
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target

There's also a comment suggesting autossh could end up being more reliable because it tests the channel is still open a bit differently, but I think if I can do it without an extra package where possible, that's more efficient.

When to use alternatives

Most of the time. The main benefit of this solution is SSH client and server are basically everywhere, and most of the time already at least partially configured for remote access.

Wireguard is often a better choice, and relatively ubiquitous.