Prepare to work from home

March 27, 2020

Working from home recently became essential for most engineers. Our team wanted to share six simple steps that you can do to access your company’s servers and network equipment from your home network.

1. Get Termius on your work machine

Download and install Termius on your work machine. Termius supports Windows, MacOS, and Linux.

2. Create an account

Create an account to sync your data between work and home machines. After the first start the app will offer creating an account. The data is encrypted on the device before being uploaded to the cloud.

3. Add servers and network equipment

In Termius, any piece of equipment represented as a host. Creation of a host is required for accessing it in SFTP, Port Forwarding rules and Host Chains. You can add hosts manually or import from ~/.ssh/config or other SSH clients.

4. Setup external access.

Quite often, resources are behind the firewall and can be accessed only via bastion host or HTTP Proxy. Termius supports Bastion or Jump hosts via the Host Chain feature. Host Chain provides the same functionality as the -J argument in ssh and ProxyJump option in ~/.ssh/config. Those options are only available for SSH connection. You can use Port Forwarding for Telnet connections.

A great way to set the external access for a bunch of hosts is by adding them to a group and changing the settings below for this group. Btw, Groups in Termius are a convenient way to set almost all shared settings.

Adding Bastion Host or Proxy at Termius

4.1 Bastion or Jump Host

  1. Create and test connection for the Bastion host
  2. Create the Target host in Termius. Test connection from the internal network, if possible.
  3. Add the Bastion host as the first item in the Host Chain of the Target host
  4. Test connection

4.2 HTTP / SOCKS Proxy

Go to the Host Edit screen go set up a connection to a host via HTTP/SOCKS Proxy.

4.3 SSH Tunneling / Port forwarding

Using the SSH port forwarding, you can tunnel application ports from the client machine to the server machine or vice versa. This mechanism could be used in your company to opening backdoors into the internal network from your home machine.

4.3.1 Local Port Forwarding

Local forwarding lets you access a remote server’s listening port as though it were local. An example of this technique would be to forward port 3306 (MySQL) to your local machine as port 3306, allowing you to use the MySQL server as though it were running on your local computer.

4.3.2 Remote Port Forwarding

Remote forwarding opens a port on the remote machine and forwards connections to your local device. An example of this technique would be to open port 8080 on the remote machine and forward requests made on that port to your local machine as port 8080.

4.3.3 Dynamic Port Forwarding

Dynamic Port Forwarding enables accessing multiple services from your remote office computer (databases, websites) on your local home computer. Starting multiple local port forwarding rules achieves the same result but a bit daunting to set up. Instead, you can create one dynamic port forwarding rule and access all the services using SOCKS Proxy.

5. Emulate external access to test connections.

It’s better to test this setup before you can rely on it. One of the easiest methods is to sync your data to your mobile, switch WiFi off, and test the connections using 3G or LTE connection. Termius supports both iOS and Android. Download Termius for iOS or Android and login to your account.

6. Help your teammates

An optional step is to share this setup with your teammates if you maintain the infrastructure together, and you want to save their time on setting up their accounts. The sharing of groups is a part of Termius for Teams, which you can try for free for 14 days. Create an account and invite your teammates here.

← all posts