Challenge, Easy, on Networking, Linux

Access an Internal Debug Port Through an SSH Tunnel

You're on call for Acme. The Acme Checkout API runs on a public-facing VM (app-server, 10.0.0.20) and serves traffic on port 80. The VM is hardened - its firewall only allows inbound :80 (the app) and :22 (SSH).

Alongside the app, the VM keeps an internal debugging port on 127.0.0.1:9000 with goroutine dumps, heap profiles, etc. It is bound to the loopback interface on purpose, so it never gets exposed to the network. You need to query it to investigate an incident and you want to use your favorite tools (e.g., your local coding agent). But you don't want to weaken the server's firewall or rebind the debugging port.

Your task: set up local port forwarding so that the server's 127.0.0.1:9000 debugging port becomes reachable at localhost:8080 on your workstation.

Hint: How local port forwarding works

The debugging port is bound to the server's loopback interface, so it can be reached from within the server but not over the network. SSH local port forwarding (the -L flag of ssh) opens a listening port on your local machine and forwards any traffic that arrives on it - through the SSH connection - to a destination address that the SSH server can reach.

SSH local port forwarding visualized.

Run man ssh and read the -L section, or walk through the example in the SSH Tunnels tutorial.
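The forwarding described in the hint, as an added example that is not part of the original challenge: a small helper that validates the ports and prints an `ssh -L` command whose listener stays on the workstation's loopback. The login name `oncall` is a placeholder assumed here; the addresses and ports are the ones from the scenario.

```shell
#!/bin/sh
# Added example. Builds (does not run) an ssh local-forward command.
# Assumption: "oncall" is a placeholder login name, not from the page.

# valid_port PORT -> success if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-digit, or >5 chars
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd LOCAL_PORT DEST_HOST DEST_PORT SSH_TARGET
#   LOCAL_PORT  listener opened on the workstation
#   DEST_HOST   resolved by the SSH server, so 127.0.0.1 here means
#               the server's loopback, not the workstation's
tunnel_cmd() {
    lport=$1 dhost=$2 dport=$3 target=$4
    valid_port "$lport" || { echo "bad local port: $lport" >&2; return 1; }
    valid_port "$dport" || { echo "bad destination port: $dport" >&2; return 1; }
    [ -n "$dhost" ] && [ -n "$target" ] || { echo "missing host" >&2; return 1; }
    # -N: no remote command, forwarding only.
    # ExitOnForwardFailure=yes: exit instead of running without the
    #   forward if the local port cannot be bound.
    # Explicit 127.0.0.1 bind: the debug port is not re-exposed on the
    #   workstation's other interfaces.
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$lport" "$dhost" "$dport" "$target"
}

# The scenario from this page: localhost:8080 -> server's 127.0.0.1:9000
tunnel_cmd 8080 127.0.0.1 9000 oncall@10.0.0.20
```

With the printed command running in one terminal, requests to localhost:8080 on the workstation arrive at the debugging port over the already-allowed :22, so neither the firewall nor the port's loopback binding changes.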