1

I have an application server that runs on a compute node. The server opens a port (9000) and I then run a command for tunneling between my local machine and the server:

ssh -N -f -L 9000:compute-node:9000 user@myhpc

Once this is done I can essentially use my server's web interface on a browser with localhost:9000

I use ecdsa -b 521 encryption with password-less authentication, the public key has been copied to the HPC. I was told that this command exposes the HPC to the internet and it's not safe. I'm a bit skeptical about this answer and I would like to have opinions on the safety of tunneling in this manner.

moth
  • 111
  • 4

1 Answers1

1

The statement is incorrect. That's just a local port redirect through your SSH connection that is authenticated with your SSH keypair.

There is nothing insecure in doing that, it has the same degree of security of just connecting over SSH to the server. The service is not exposed to the internet after the creation of the tunnel, it's only available to the machine issuing the ssh command.

Vinícius Ferrão
  • 5,520
  • 11
  • 55
  • 95
  • obrigado. But anyone with access to the server can open the port and access the contents of my local PC right ? – moth Jul 21 '21 at 07:47
  • Yes. Since the port is open on your system, anyone inside YOUR system can fire up a browser on localhost:9000. – Vinícius Ferrão Jul 21 '21 at 16:59