I’m installing SolusVM as a virtualization management system. It lets you manage your private cloud via a Web browser, set up resellers, and so on. When you first log in, the administrative interface locks itself down so that you can only log in from one IP address, in a sort of implicit whitelist. You must explicitly add other addresses. That’s fine, even reasonable. I had three address ranges to add: my office, the headquarters, and Fearless Leader’s office. So I went into the management interface and explicitly added the headquarters’ addresses.
And I was locked out of the management interface. Apparently the explicit whitelist permitting HQ overwrote the implicit whitelist permitting my workstation.
I could have opened a ticket with SolusVM and admitted that I’d ignorantly locked myself out. But I don’t like interacting with vendors. I could have driven into the office, but that would involve changing out of my bathrobe. That left logging into the management workstation via a web browser from headquarters. I’m not going to talk one of my coworkers through it if I can avoid it.
Instead, I used SSH dynamic forwarding to connect to the SolusVM head node from an IP address at headquarters.
You can do this with an OpenSSH server and either a PuTTY or OpenSSH client. I chose to use PuTTY because that was the computer on the couch with me. I have several OpenSSH servers at headquarters.
Open a new PuTTY session. Enter the host, username, and server port as normal. Before opening the session, go to the left-hand side of the screen and select SSH -> Tunnels. Enter a “Source port” of 9999. Near the bottom, select “Dynamic.” Now open your SSH connection.
You now have a SOCKS proxy running on your computer. All traffic sent to port 9999 is sent over your SSH session. Your SSH server connects you to the Internet.
Go to your Web browser’s connection settings. In firefox, it’s Tools->Options->Advanced. Select the Network tab, then Settings. Select Manual proxy settings, then enter a SOCKS host of 127.0.0.1 port 9999. Select the SOCKS5 button. Exit the menus, hitting OK all the way back.
Now your Web browser connects to the Internet via the SOCKS proxy running on your computer. You’re browsing the Web from the IP address of your SSH server.
This is much faster than remote browsing options such as Remote Desktop or forwarding X11 over SSH. And it let me log into my SolusVM console without having to communicate with another human being, so everybody wins.
Of course, you could learn about this sort of trick and more in my new SSH book.