zishuo/Servo
1
0
Fork 0
mirror of https://github.com/antoniomika/sish.git synced 2025-10-18 21:14:46 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
8268a9c9e72213e727a0dfe8c2025b66f5fff393
Servo/docs/posts/how-it-works.md
Eric Bower 0c4f193f7d feat: docs site (#286) 
* feat: docs site

* docs: copy

* chore(docs): update cli post

* revert

* chore: go.mod
2024-01-29 10:17:13 -05:00

79 lines
2.5 KiB
Markdown
Raw Blame History

---
title: How it works
description: Technical details for sish
keywords: [sish, how, works]
---
SSH can normally forward local and remote ports. This service implements an SSH
server that only handles forwarding and nothing else.
But let's first take a step back and illustrate some basic examples of how
things work without `sish`. Let's start with a simple port forward:
# Port Forward
Here Eric has a web server hosted on its `localhost:3000`. Eric has to forward
its localhost connection to Tony in order for him to access the web server.
<div class="hiw">
<img src="./hiw-port-forward.png" alt="hiw-port-forward" />
</div>
This is manual, arduous, and sometimes difficult to get to work properly because
of firewalls. So many people opt to setup a VPN that both Eric and Tony can
connect to.
# Traditional VPN
Now both Eric and Tony connect to the VPN service and then Tony can access
Eric's web server via Eric's VPN IP.
<div class="hiw">
<img src="./hiw-vpn.png" alt="hiw-vpn" />
</div>
Great! But this requires both Eric and Tony to connect to the VPN service. What
if Eric wants to share the web server with multiple users that are **not**
connected to the VPN? Sometimes it isn't feasible or appropriate to have
everyone connect to your VPN.
# sish Public
Enter `sish`. Using just SSH and a `sish` service, Eric can create an SSH remote
port forward to connect to `sish` which will automatically create a public URL
that **anyone** can access.
<div class="hiw">
<img src="./hiw-sish-public.png" alt="hiw-sish-public" />
</div>
Very nice! Tony doesn't have to worry about firewall issues, setting up and
connecting to a VPN, and anyone else can also access the web server via URL.
This is the real power of leveraging `sish`.
But what if we want the web server to be private so only Tony can access the web
server using `sish`?
# sish Private
In this example both Eric and Tony setup an SSH tunnel to `sish`:
- Eric sets up a remote port forward tunnel
- Tony sets up a local port forward tunnel
<div class="hiw">
<img src="./hiw-sish-private.png" alt="hiw-sish-private" />
</div>
> NOTE: The remote tunnel command needs to include `tcp-aliases-allowed-users` with
> Tony's pubkey fingerprint
```bash
ssh -R private:3000:localhost:3000 tuns.sh tcp-aliases-allowed-users=SHA256:4vNGm4xvuVxYbaIE5JX1KgTgncaF3x3w2lk+JMLOfd8
```
This creates a private connection between Eric and Tony that allows Tony to
access Eric's local web server without anyone else having access to it!
[Learn more](/cheatsheet#https-private-access)
Reference in New Issue View Git Blame Copy Permalink