Serving your Desktop to the World

Being able to access your desktop machine from the outside world is very handy as an entrepreneur / coding addict.

Say you are working on your SaaS product, duct-taped together on a local machine. It's high on your TODO list to prepare automated deployment to a remote server. But there comes a sudden opportunity to pitch to a prospective client.

A quick, effective - and somewhat dangerous - way is to let the outside world access your local HTTP server. Given your dev server is listening on port 3000 locally, forward that to a server in the cloud that has ip a.b.c.d:

ssh -R 8080:localhost:3000 user@a.b.c.d

So now a.b.c.d:8080 is accessible from the outside.. Or not. SSH will by default bind to port 8080 on the loopback interface having ip, not being accessible from the outside. You can verify that by observing the output of netstat -nlp on the server.

If you have root on the remote machine, set GatewayPorts clientspecified in sshd_config, and pass in the all-interfaces remote ip explicitly.

ssh -R user@a.b.c.d

If you don't have root, then redirect the port using a user-space program. I found python-port-forward to be handy, since most servers have python interpreter installed out of the box. Put 9000 localhost 8080 in port-forward.config to expose your server on port 9000.

Warning Leave your machine exposed only as long as needed for the demo. Apply good server config practices locally as well. For example, disable file uploads and jail the webserver root so none of your files get exposed.

Tip I often forget if I should use the -R or -L flag, also the order of the ports in the port1:host:port2 parameter. Never mind, just try a random variation and check what port is bound where using netstat -nlp on both machines.

Tip This technique can also be used to expose your development box through SSH, so you can keep working while on vacation.