ssh port forwarding (tunneling in HPC)
I have an application server that runs on a compute node. The server opens a port (9000) and I then run a command for tunneling between my local machine and the server:
ssh -N -f -L 9000:compute-node:9000 user@myhpc
Once this is done I can essentially use my server's web interface on a browser with localhost:9000.
I use ecdsa -b 521 encryption with password-less authentication, the public key has been copied to the HPC. I was told that this command exposes the HPC to the internet and it's not safe. I'm a bit skeptical about this answer and I would like to have opinions on the safety of tunneling in this manner.
Solution 1:
The statement is incorrect. That's just a local port redirect through your SSH connection that is authenticated with your SSH keypair.
There is nothing insecure in doing that; it has the same degree of security as just connecting over SSH to the server. The service is not exposed to the internet after the creation of the tunnel, it's only available to the machine issuing the ssh command.
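
A way to confirm on the local machine where the forwarded port is listening, as an added example that is not part of the original question or answer. ssh(1) binds a `-L` listener according to `GatewayPorts` (default `no`, loopback only) unless an explicit bind address such as `*` is given; the function names and the `ss -Htln` sample lines below are constructed for illustration.

```shell
#!/bin/sh
# Constructed `ss -Htln` output after the command from the question.
SAMPLE_DEFAULT='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 [::1]:9000 [::]:*'

# Constructed output for the same forward with a wildcard bind
# (bind address "*" or GatewayPorts yes in ssh_config).
SAMPLE_WILDCARD='LISTEN 0 128 0.0.0.0:9000 0.0.0.0:*
LISTEN 0 128 [::]:9000 [::]:*'

# classify_listeners PORT
# Reads `ss -Htln` lines on stdin; for each listener on PORT prints
# "loopback <addr>" or "exposed <addr>".
classify_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = match($4, /:[0-9]+$/)          # last colon separates addr and port
      if (!n) next
      addr = substr($4, 1, n - 1)
      if (substr($4, n + 1) != port) next
      gsub(/^\[|\]$/, "", addr)          # strip IPv6 brackets
      if (addr ~ /^127\./ || addr == "::1") print "loopback " addr
      else print "exposed " addr
    }'
}

# forward_is_local_only PORT
# Succeeds only if PORT has at least one listener and none is bound
# to a non-loopback address.
forward_is_local_only() {
  out=$(classify_listeners "$1")
  [ -n "$out" ] && ! printf '%s\n' "$out" | grep -q '^exposed '
}

printf '%s\n' "$SAMPLE_DEFAULT" | forward_is_local_only 9000 \
  && echo "default forward: loopback only"
printf '%s\n' "$SAMPLE_WILDCARD" | forward_is_local_only 9000 \
  || echo "wildcard bind: reachable from other hosts"
```

On a live Linux machine, pipe real output into the check with `ss -Htln | forward_is_local_only 9000`.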