SSH tunnel server + agent with reverse port forwarding

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for leoustc from gravatar.com leoustc

Unverified details

These details have not been verified by PyPI
Meta
Report project as malware

Project description

ssh-tunnel-gateway

Single Python package that ships both the server and agent CLIs.

Install

On the gateway server host:

pip install ssh-tunnel-gateway

On each agent host:

pip install ssh-tunnel-gateway

Quick Start (ProxyJump)

  1. On the gateway server host, start server:
API_KEY="change-me" ssh-tunnel-server
  1. On the agent host, start agent:
ssh-tunnel-agent --api-key change-me --endpoint http://<gateway_host>:12000 --reverse-bind-host 127.0.0.1
  1. Get port_b from the agent side:
  • Foreground mode prints a log line with port_b.
  • Session file is always written to ${STATE_DIR}/session.json (default ./data/session.json):
cat ./data/session.json

Get only port_b:

python3 -c 'import json; print(json.load(open("./data/session.json"))["port_b"])'
  1. Add user SSH config (~/.ssh/config):
Host GWServer
    HostName <gateway_public_ip_or_dns>
    User <gateway_ssh_user>
    Port 22

Host AgentServer
    HostName localhost
    User <agent_ssh_user>
    Port <port_b_from_agent_session_json>
    ProxyJump GWServer
  1. Connect:
ssh AgentServer

Server Usage

Foreground:

API_KEY="change-me" ssh-tunnel-server

Systemd mode:

API_KEY="change-me" ssh-tunnel-server -d

Agent Usage

Foreground:

ssh-tunnel-agent --api-key change-me --endpoint http://server:12000

If --agent-id is not provided, agent generates a UUID once and caches it locally for future restarts. Agent writes current session info (including port_b) to ${STATE_DIR}/session.json by default.

Default reverse bind host is 127.0.0.1 (gateway loopback) for ProxyJump style access. Use --reverse-bind-host 0.0.0.0 only if you intentionally want direct public access to port_b. If not set, agent follows the server-provided reverse bind host.

Systemd mode:

ssh-tunnel-agent -d --api-key change-me --endpoint http://server:12000

In -d mode, register/startup failures exit immediately so systemd can restart the unit.

Systemd Usage

Server unit (/etc/systemd/system/ssh-tunnel-server.service):

[Unit]
Description=ssh-tunnel-gateway server
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=gw-tunnel
WorkingDirectory=/opt/ssh-tunnel
EnvironmentFile=/etc/ssh-tunnel/server.env
ExecStart=/usr/local/bin/ssh-tunnel-server -d
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

Example server env (/etc/ssh-tunnel/server.env):

API_KEY=change-me
SERVER_PORT=12000
SSH_USER=gw-tunnel
AUTHORIZED_KEYS_PATH=/home/gw-tunnel/.ssh/authorized_keys
AGENT_REVERSE_BIND_HOST=127.0.0.1

Agent unit (/etc/systemd/system/ssh-tunnel-agent.service):

[Unit]
Description=ssh-tunnel-gateway agent
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=root
WorkingDirectory=/opt/ssh-tunnel
EnvironmentFile=/etc/ssh-tunnel/agent.env
ExecStart=/usr/local/bin/ssh-tunnel-agent -d
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

Example agent env (/etc/ssh-tunnel/agent.env):

API_KEY=change-me
API_URL=http://<gateway_host>:12000
SSH_HOST=<gateway_host>
SSH_PORT=22
LOCAL_TARGET_HOST=127.0.0.1
LOCAL_TARGET_PORT=22

Enable and start:

sudo systemctl daemon-reload
sudo systemctl enable --now ssh-tunnel-server
sudo systemctl enable --now ssh-tunnel-agent

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for leoustc from gravatar.com leoustc

Unverified details

These details have not been verified by PyPI
Meta

Release history Release notifications | RSS feed

0.4.3

0.4.2

0.4.1

0.4.0

0.3.0

0.1.8

0.1.7

0.1.6

This version

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ssh_tunnel_gateway-0.1.5.tar.gz (13.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ssh_tunnel_gateway-0.1.5-py3-none-any.whl (17.1 kB view details)

Uploaded Python 3

File details

Details for the file ssh_tunnel_gateway-0.1.5.tar.gz.

File metadata

  • Download URL: ssh_tunnel_gateway-0.1.5.tar.gz
  • Upload date:
  • Size: 13.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.14

File hashes

Hashes for ssh_tunnel_gateway-0.1.5.tar.gz
Algorithm Hash digest
SHA256 1c168b8cc05259e25c94b910744d0f10fb04ea750f0d1b12ec9102780767f7de
MD5 aed6aa1fdcd5f427cee2118446a0598d
BLAKE2b-256 680929b20b21d2bc605a109897dc443821c0060e0a4ae9fca462ab6729aa550e

See more details on using hashes here.

File details

Details for the file ssh_tunnel_gateway-0.1.5-py3-none-any.whl.

File metadata

File hashes

Hashes for ssh_tunnel_gateway-0.1.5-py3-none-any.whl
Algorithm Hash digest
SHA256 e94dbaf2053e691f32526b2d14cba53df8b7c779b33931a5b79a0a11cad70edb
MD5 c61cdaf3c9b7d0af42f22ac0278fa3e5
BLAKE2b-256 89ce72077fde40f28cec4e9120640e9dab57ed8f8951e2deae1d4d4bd7ba7bc6

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page