[HowTo] SSH Tunneling: Remote Access webUIs (like Syncthing, Transmission) without portforwards! The safest way


#1

This article explains how to access your OSMC device’s command line via SSH. But if you also want to access other services like Transmission webUI on your OSMC device while you are not at home, you can also use SSH! Instead of getting into your router settings and opening ports (which is very unsafe). You only need to expose the SSH port of your OSMC device, and be done. Nobody can access anything via that port, since it’s only used for SSH.

I do it using PUTTY on Windows and Termius on Android.

How does it work?
The port numbers you enter in the SSH Tunnels section of Putty will forward any request coming from your laptop to the SSH connection. This is possible because you tell your browser to connect to localhost, which is nothing more than your very own laptop. I am not an expert but there is plenty of reading material online to learn more about SSH tunneling.

HowTo on WINDOWS
for Android see post #2.

Step 0: personalise the default OSMC password

https://osmc.tv/wiki/general/usernames-and-passwords/

Step 1: Cleanup your portforwarding

I have only opened up 1 port in my router: external port 2211 (choose a random 4 digit number) which forwards to 22 locally (to the IP of the OSMC machine). When you are abroad, some Wifi Hotspots will only allow you to access port 80 so you could consider using port 80 (external) forwarding to 22 (internal). But I wouldn’t recommend it.

Step 2: SSH into OSMC

Step 3: Set up SSH tunnels

Before you SSH into OSMC using Putty, open Putty and go to Connection>SSH>Tunnels:
Source port: the port of the service
Destination: 127.0.0.1:portoftheservice
Settings: keep it default (Local and Auto)
Hit the ADD button. Example:

Now go back to “Session” in the left pane and hit Save. Now your profile is saved and you can hit Open.

Final step: test it while not connected to your home network

Now when I open a SSH connection using putty while not at home, I can keep putty in the background and if I want to access Transmission I can open my browser and go to:
127.0.0.1:9091
This will give me access to Transmission webUI on my OSMC machine at home, without setting up portforwarding for this port! Plus it is a secure, encrypted connection. What more do you want?


[HowTo] Install and use SyncThing on OSMC
[HowTo] Install and configure a working fail2ban
[How To] Always on, remotely accessible torrent server
#2

howTo on Android:

There are several apps available on Android that allow you to connect to your OSMC via SSH. For example JuiceSSH and ConnectBot. Most apps only support SSH Tunneling in the paid/pro version.
ConnectBot used to be the most simple and lightweight solution, supporting Tunnels/forwarding. Now ConnectBot is no longer maintained but since it is Open Source, a new developer has released VX ConnectBot. Same same, but with a few improvements.

Step 1: get Termius

Step 2: add your host, see the OSMC wiki: https://osmc.tv/wiki/general/accessing-the-command-line/

Step 3: add the ‘port forwards’ to your host (I’ll add a screenshot soon).

Done!


#3

It might be an idea to add as step one to change the password.

While most people would do this automatically, if you give people a step by step guide they can follow “blindly” it can be followed by people who would not think of this.

Cheers