1

I have a Raspberry PI with a Syncthing Admin-Web-UI binding to localhost:8384.

I can access this UI from my laptop using SSH-tunnel:

$ ssh me@raspberrypi -Llocalhost:8384:localhost:8384
$ chrome http://localhost:8384

Now I would like to delete this ssh call, so I can always access my Syncthing on Raspberry PI at http://localhost:8384 (if at home). For this I'm using xinetd.

I have /etc/xinetd.d/raspberrypi-syncthing:

service raspberrypi-syncthing
{
    type        = UNLISTED
    socket_type = stream
    protocol    = tcp
    user        = root
    wait        = no
    port        = 8384
    bind        = 127.0.0.1
    server      = /usr/bin/ssh
    server_args = -T me@raspberrypi nc 127.0.0.1 8384
    flags       = noretry
    instances   = UNLIMITED
}

It works, but time to time I get multiple instances of ssh all indefinitely running at 100% CPU.

I have the same issue with other services, so Syncthing is not to blame.

My questions:

  • How can I fix ?
  • If not fixable, any other (better) ideas on how to delete ssh -L step?
Boris Brodski
  • 111
  • 2
  • One way to avoid that whole ssh port-forwarding issue is stop binding your Admin-Web-UI service to localhost and let it bind to all interfaces/IP's - Then you can simply point your browser to `http://raspberry:8384` - but home topics are off-topic here – diya Sep 16 '22 at 11:33
  • Sure, I could, but binding to 0.0.0.0:8384 is not secure enough. Also it leads to the usage of HTTPS/SSL, Certificates and proper domain names. All that I don't really need, if I'm dealing with just an Admin-UI. – Boris Brodski Sep 16 '22 at 11:47

0 Answers0