DEV Community

Reene
Reene

Posted on • Edited on

[Intranet penetration][Ngrok]Expose local services to achieve front-end and back-end debugging

Intro

Achieve front-end and back-end debugging when outside the local network. Besides a)building vpn in aws [aws vpn],b)reverse ssh tunnel, there introduce another method which is more simple to expose local service, to make private cloud have access to local service.

0.Using Ngrok (intranet penetration tool)

Ngrok is a lightweight intranet penetration tool that can quickly expose local services to the public network. It is very suitable for scenarios where the host does not have a public IP.

1. Configure Ngrok in your mechine

1). Check the system architecture

Run the following command in the terminal to confirm system architecture:

uname -m
Enter fullscreen mode Exit fullscreen mode
  • x86_64: 64-bit architecture.
  • arm or aarch64: ARM architecture

2).Download the correct Ngrok binary

x86_64:

wget https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-amd64.tgz
Enter fullscreen mode Exit fullscreen mode

ARM64:

wget https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-arm64.tgz
Enter fullscreen mode Exit fullscreen mode

3). Unzip the file

Unzip the file you just downloaded:

There I use the ubuntu(aarch64)

tar -xvzf ngrok-v3-stable-linux-arm64.tgz
Enter fullscreen mode Exit fullscreen mode

Once the unzip is complete, you should see a file called ngrok.

4). Install Ngrok

Move the unzipped file to your system's global path, such as /usr/local/bin:

sudo mv ngrok /usr/local/bin
Enter fullscreen mode Exit fullscreen mode

5). Verify the installation

Check that the installation was successful:

ngrok version
Enter fullscreen mode Exit fullscreen mode

If successful, it will display output similar to the following:

ngrok version 3.x.x
Enter fullscreen mode Exit fullscreen mode

2. Get an authtoken

Register an Ngrok account and get an authtoken : https://dashboard.ngrok.com/

  • go to the setting, and configure payment method, and then choose free tier.

After finish setting, go to token.
Authenticate the ngrok agent. only have to do this once. The Authtoken is saved in the default configuration file.

ngrok config add-authtoken <your-token>
Enter fullscreen mode Exit fullscreen mode

3. Run Ngrok again

Now we can use Ngrok normally. For example, to start an SSH tunnel (port 22):

ngrok tcp 22
Enter fullscreen mode Exit fullscreen mode

If successful, Ngrok will output an address similar to the following:

Forwarding tcp://0.tcp.ngrok.io:12345 -> localhost:22
Enter fullscreen mode Exit fullscreen mode
  • Edit ssh_config
sudo vim /etc/ssh/sshd_config

PermitRootLogin yes
PasswordAuthentication yes
KbdInteractiveAuthentication yes
UsePAM yes
#PubkeyAuthentication yes
Enter fullscreen mode Exit fullscreen mode

Image description
now we can access our SSH service from the outside using the following command:

ssh user@0.tcp.ngrok.io -p 12345
Enter fullscreen mode Exit fullscreen mode
  • user: Replace with your host's SSH username (e.g. ubuntu).
  • tcp.eu.ngrok.io and 12345: from the address and port provided by Ngrok.

4.Configuring Ngrok to Auto-Start on Ubuntu Virtual Machine

This guide explains how to configure Ngrok to start automatically on boot with persistent settings on an Ubuntu virtual machine.


# Step 1: Create an Ngrok Configuration File
mkdir -p $HOME/.ngrok2
nano $HOME/.ngrok2/ngrok.yml

# Add the following content to ngrok.yml:
 version: "2"
 authtoken: your-authtoken
 tunnels:
   ssh:
     proto: tcp
     addr: 22

# Or use:
mkdir -p $HOME/.ngrok2 && cat <<EOF > $HOME/.ngrok2/ngrok.yml
version: "2"
authtoken: your-authtoken
tunnels:
  ssh:
    proto: tcp
    addr: 22
EOF

# Save the file and test the configuration
ngrok start --config=$HOME/.ngrok2/ngrok.yml --all

# Step 2: Create a Systemd Service File
sudo nano /etc/systemd/system/ngrok.service

# Add the following content to the service file:
 [Unit]
 Description=Ngrok Service
 After=network.target

 [Service]
 ExecStart=/usr/local/bin/ngrok start --config=/home/<username>/.ngrok2/ngrok.yml --all
 Restart=on-failure
 User=<username>
 WorkingDirectory=/home/<username>
 Environment="PATH=/usr/local/bin:/usr/bin:/bin"

 [Install]
 WantedBy=multi-user.target

# Save and exit the file

# Step 3: Enable and Start the Service
sudo systemctl daemon-reload
sudo systemctl stop ngrok
sudo systemctl start ngrok
sudo systemctl status ngrok

# Enable the service to start on boot
sudo systemctl enable ngrok

# Step 4: Verify Ngrok Auto-Start on Boot
sudo reboot

# After rebooting, check the Ngrok service status
sudo systemctl status ngrok

# Confirm Ngrok is running and its tunnels are active
# Ngrok’s web interface is available by default at http://127.0.0.1:4040





Enter fullscreen mode Exit fullscreen mode

go to dashboard:https://dashboard.ngrok.com/agents

Top comments (0)