However I have been told in very vague terms there can be another way.
SSH is commonly used to "access the localhost of another machine", so to speak – in addition to interactive shells, it allows you to easily set up tunnels for TCP connections through the server. (It is not in any way limited to just "localhost" access, but that's probably a quite common use.)
With the ssh
or plink
commands, use the -L
option to create a tunnel:
ssh -L <listenport>:<targethost>:<targethost> <sshserver>
plink -v -N -L <listenport>:<targethost>:<targethost> <sshserver>
For example, to create a tunnel to the server's "localhost:80", choosing port 5092 on the client, you would specify -L 5092:localhost:80
as part of the command.
With the graphical PuTTY, go to "Connection > SSH > Tunnels" and add a "forwarded port". Specify some local port (client-side) as source and the program's address (server-side) as destination.
Almost all other SSH clients have the same kind of "tunnel" or "forwarding" setting somewhere.
Programs on the SSH client system will then be able to access the tunnel at localhost:<listenport>
.
There are multiple other methods:
The most direct way would be to reconfigure the program to listen on all addresses, not only the 'localhost' address, so that it would be directly accessible across the LAN (e.g. as http://ubuntupc:8080
) like a normal web server. This does have the downside of exposing the program to the entire local network so it should only be done if you can restrict access using a firewall or in some other way. For that reason, SSH tunnels are often preferred when accessing more sensitive services.
If the program cannot be reconfigured or is too risky to leave open, an HTTP "reverse proxy" could be set up on the same machine to listen for connections instead, and to relay requests to the real program (possibly with authentication). It's how many regular webapps are set up to be exposed to the Internet – the app only listens on localhost but uses a reverse-proxy frontend to handle the requests.
Various ngrok-like "cloud reverse proxy" services could also be used to make the program accessible from everywhere (some such services have options to add authentication, others don't).