Saturday, February 19, 2011

Let facebook connect to your pc using reverse ssh tunnel from free Amazon AWS EC2

Developing facebook app (or facebook connect/login/register) on developing workstation requires a callback URL where facebook will forward a user after user approval. is offering a cloud EC2 micro instance to any new user free for one year. And since each EC2 instance has a real IPv4 IP, we can easily utilize that for facebook's required callback url. Well, its not that easy to upload development code to EC2 instance every time that I need to test. The solution is reverse ssh tunnel from EC2 instance to my local pc behind NAT or firewall.

Reverse ssh tunnel allows you use an encrypted tunnel for forwarding a connection to a remote host to your local workstation. To use reverse ssh tunnel one need to open a port from EC2 firewall configuration. I am running Ubuntu 10.04 LTS ami but this should work on all Linux instances.

Say I want to open 9000 port on my EC2 instance. I assume that I am using the 'default' security group (each security group consists of set of firewall rules). To do so, run the following from ec2 command line tool -

ec2-authorize default -p 9000

Also authorize ssl port 22 if done yet.

ec2-authorize default -p 22

Now log in to your ec2 instance and check if the following options exist in /etc/sshd_config file or not. If not, append the the lines to file.

AllowTcpForwarding yes
GatewayPorts yes

Now make the reverse ssh tunnel -

ssh -nNT -R0.0.0.0:9000:localhost:3000 <username>@<ec2_public_dns_or_ip> -i <your_private_key_file_that_ends_with_pem>

(Thanks to Vincent Danen for his tutorial Setting up a reverse SSH tunnel where he shows how to do reverse ssh without opening a terminal). Here is description of the parameters:

-n prevents reading from standard in
-N just set up a tunnel, without opening a console for executing command
-T disable pseudo tty allocation
-R reverse ssh tunnel. This parameter option must be followed by [bind_address:]port:host:hostport
-i your identity file (private key)

Thats it! Now point your browser to

enjoy :)

No comments: