Local SSH Tunnel Setup for macOS and Linux
Connecting to the Virtyx Cloud to access your SSH tunnel is the same for both macOS and Linux. This command should be run when you want to connect to a tunnel you have created. You can leave this tunnel open for as long as you want. If it becomes disconnected, you can simply reconnect.
The port you choose locally can be changed (see Notes). If you are tunneling into many hosts using different services, you may find it useful to pick a generic port, create a tunnel and leave it open. Each service you use locally can then be configured to use that port, and you don’t need to change it often.
Open the Terminal/Command Line.
Virtyx will give you a command to type into the Terminal. This should be copied and pasted in.
ssh -N -L 22:localhost:4500 firstname.lastname@example.org
-N is important. It specifies that you do not want to execute a command or get a shell on the host; you only want to forward ports. The Virtyx Cloud does not allow the execution of commands; if you don’t have -N the command will fail.
-L specifies you are forwarding the local port (the first number, in this example 22) to the given host and port on the server you are connecting to over ssh. Since the tunnel is meeting on this given host, you are forwarding your port to boring1.virtyx.com, on port 4500.
4500 is an example port; Virtyx will specify which port you should be forwarding to. This port has access control on it and only you can access the port. This ensures you cannot tamper with other ports on the host, and other users cannot access your traffic. Using any other port will be rejected or your connection will hang.
The command you type in will ask for your tunneling password. This is not the same as your Virtyx password. It was given to you upon setup of your tunneling configuration. If you lose this password please contact email@example.com and we will reset it. You should paste your password in here.
After pasting in your password, the connection will appear to do nothing. This means the tunnel has been successfully set up. No command is being executed and no prompt is given; only the ports are being forwarded.
Finally, you can configure whatever software you are using to connect to your tunnel. You do this by connecting to localhost and specifying the first port you typed in above, in this example, 22. To complete the example, if you were using this tunnel for ssh, you would type in the following (in a new terminal):
ssh username@localhost -p 22
username is the user on the host you are accessing through the tunnel, the one with the Agent installed.
The command Virtyx gives you assumes the port you want to forward locally is the same as the port you are accessing on the host. This is a safe default, but can cause errors in two ways:
- You may get an error similar to:
Privileged ports can only be forwarded by root.
In some operating systems, ports less than 1024 are privileged. You can resolve this error in one of two ways:
a) Add sudo as a prefix to your command. This may ask for your local password, and then it will ask for your Virtyx tunnel password.
b) Pick a local port higher than 1024. For example, from above, instead of picking 22 as the local port, you can pick 2022. The command would look like this:
ssh -N -L 2022:localhost:4500 firstname.lastname@example.org
You would then connect with:
ssh username@localhost -p 2022
- Similarly, you may run into a conflict on the local port. For example, if you wanted to VNC into the target host, the command would inform you to set up port 5900 for local forwarding. However, if you have a VNC server running on your own computer on that port, there will be a conflict. To resolve this, simply pick a different port on your local computer, e.g.:
ssh -N -L 5901:localhost:4500 email@example.com
Using your VNC software to connect, you would then use localhost:5901 instead of the default port
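
The port rules from the notes above, as an added shell example (not a Virtyx-provided script): it builds the tunnel command with a local port your user can bind, listens on loopback only, and makes ssh exit if the forward cannot be set up. The function names, the +2000 offset for privileged ports and the user@tunnel.example placeholder are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Virtyx tooling. Prints the ssh command; it does not run it.

# is_port N: succeed only if N is a decimal integer in 1..65535.
# Leading zeros are rejected so shell arithmetic never reads N as octal.
is_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# pick_local_port WANTED [UID]: print a local port that UID is able to bind.
# Ports below 1024 are privileged; for a non-root UID we add 2000
# (22 -> 2022, as in the notes). The offset is this example's choice.
pick_local_port() {
    wanted=$1
    uid=${2:-$(id -u)}
    is_port "$wanted" || return 1
    if [ "$wanted" -lt 1024 ] && [ "$uid" -ne 0 ]; then
        wanted=$((wanted + 2000))
    fi
    printf '%s\n' "$wanted"
}

# tunnel_cmd WANTED_LOCAL REMOTE_PORT USER@HOST [UID]: print the full command.
tunnel_cmd() {
    remote=$2
    target=$3
    is_port "$remote" || return 1
    case "$target" in
        ''|-*) return 1 ;;  # a target starting with "-" would be read as an ssh option
    esac
    local_port=$(pick_local_port "$1" "${4:-$(id -u)}") || return 1
    # 127.0.0.1: listen on loopback only, so other machines cannot use the tunnel.
    # ExitOnForwardFailure: exit instead of idling without a forward when the
    #   local port is already taken (the VNC 5900 conflict described above).
    # ServerAliveInterval: detect a dead connection so you know to reconnect.
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L 127.0.0.1:%s:localhost:%s %s\n' \
        "$local_port" "$remote" "$target"
}
```

Call it as tunnel_cmd 22 4500 user@tunnel.example, substituting the remote port and login that Virtyx gives you, then paste the printed command into the terminal.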