virtualMachine

Access a server using an SSH tunnel

Bitnami strongly discourages you from opening server ports apart from those defined by default. In case you need to access a server on a specific port remotely, Bitnami recommends creating an SSH tunnel instead of opening the port in the server firewall.

Depending on your operating system, follow these instructions to create an SSH tunnel and ensure secure access to the application.

IMPORTANT: Before following the steps below, ensure that you have enabled the SSH server (disabled by default) and that your application server is running.

Access a server using an SSH tunnel on Windows

In order to access your server via SSH tunnel you need an SSH client. In the instructions below we have selected PuTTY, a free SSH client for Windows and UNIX platforms.

Once you have your SSH client correctly configured and you tested that you can successfully access to your instance via SSH, you need to create an SSH tunnel. For doing so, follow these steps:

  • In the “Connection -> SSH -> Tunnels” section, create a secure tunnel by forwarding a port (the “destination port”) on the remote server to a port (the “source port”) on the local host (127.0.0.1 or localhost). An example of configuring an SSH tunnel between remote port 80 and local port 8888 is displayed below.

    PuTTY safe tunneling

  • Click the “Add” button to add the secure tunnel configuration to the session. (You’ll see the added port in the list of “Forwarded ports”). An example of configuring an SSH tunnel between remote port 80 and local port 8888 is displayed below.

    PuTTY safe tunneling

  • In the “Session” section, save your changes by clicking the “Save” button.

  • Click the “Open” button to open an SSH session to the server. The SSH session will now include a secure SSH tunnel between the two specified ports.

While the tunnel is active, you should be able to access the application through the secure SSH tunnel you created, by browsing to http://127.0.0.1:SOURCE-PORT/ or http://localhost:SOURCE-PORT/. Remember to replace SOURCE-PORT with the source port number specified.

Access a server using an SSH tunnel on Linux and Mac OS X

To access the server on a specific port using an SSH tunnel, you need to have the following information:

  • Server’s IP address
  • Username and password (if you want to connect the server using the SSH username and password).
  • Server username and corresponding SSH private key in .pem format for Linux and Mac OS X (if you have enabled the key-based authentication).

Learn how to obtain your SSH credentials for your client.

Once you have the information above, follow these instructions to access the server using an SSH tunnel:

  • Open a new terminal window on your local system (for example, using “Finder -> Applications -> Utilities -> Terminal” in Mac OS X or the Dash in Ubuntu).
  • You have two options to configure the SSH tunnel: connect to the server using a private key (recommended) or connect to the server using a SSH password. Follow the instructions below per each option:

    • Option 1: Connect to the server without keyfile

      • Run the following command. Remember to replace SOURCE-PORT with the source port, DESTINATION-PORT with the destination port, USERNAME (bitnami by default), and SERVER-IP with the IP address or hostname of your virtual machine. Refer to the FAQ to know where is the virtual machine’s IP address. Enter your SSH password when prompted.

        $ ssh -N -L SOURCE-PORT:127.0.0.1:DESTINATION-PORT bitnami@SERVER-IP
        
    • Option 2: Connect to the server using key-based authentication

      • Make sure that you have your SSH credentials in hand.
      • Run the following command to configure the SSH tunnel. Remember to replace SOURCE-PORT with the source port, DESTINATION-PORT with the destination port, KEYFILE with the path to your private key, and SERVER-IP with the IP address or hostname of your virtual machine. Refer to the FAQ to know how to find the virtual machine’s IP address.

        $ ssh -N -L SOURCE-PORT:127.0.0.1:DESTINATION-PORT -i KEYFILE bitnami@SERVER-IP
        

NOTE: If successful, the above commands will create an SSH tunnel but will not display any output on the server console.

While the tunnel is active, you should be able to access the application through the secure SSH tunnel you created, by browsing to http://127.0.0.1:SOURCE-PORT/ or http://localhost:SOURCE-PORT/. Remember to replace SOURCE-PORT with the source port number specified.

Last modification October 1, 2018