Skip to main content

Providing us access to your Deskpro server that is behind a firewall (Linux) - Knowledgebase / Deskpro Legacy - Deskpro Support

WARNING: You're browsing documentation for an older version of Deskpro. Consider upgrading to Deskpro Horizon

Providing us access to your Deskpro server that is behind a firewall (Linux)

Authors list

Sometimes, an engineer here at Deskpro may request access to your Deskpro server. This might be necessary to help you fix a problem, debug issues, etc. Especially in urgent cases, providing our engineers direct access often means we can help solve problems in mere minutes rather than hours.

If you are running Deskpro on a Linux server, or are running Deskpro in a Linux VM, then it's easy to provide us with direct access -- even when the Deskpro server isn't publicly available on the internet.

This is done by a technique called SSH tunneling. This allows us to invert the connection process: Instead of an engineer here connecting to you, you proactively connect to the engineer here instead. Since this is an outbound connection from the server to us, this usually bypasses the limitations of internal servers or firewalled servers.

This technique is secure, and you keep full control. The tunnel must be opened explicitly by you, and it's alive only as long as you want it to be.

How To

1) Get your public key

One of our engineers will ask you for your SSH public key for your root user. You obtain this by connecting to your Deskpro server via SSH and getting the contents of your key. For example:

cat ~/.ssh/

...a long string of characters here...

This might fail if you don't have a key generated yet. If that's the case, you can create one as described here. Make sure to use your default key name (id_rsa).

2) Install our public key

Our engineers will send you our public key for you to install on your server. This enables us to securely connect to you without your needing to expose any passwords.

Our key will be a long string of characters (it will look similar to your own). You need to copy and paste this to a new line in a file:

nano ~/.ssh/authorized_keys

...paste our key on a new line and then press CTRL+O to save, and CTRL+X to close...

2) Start the tunnel when asked

When we're ready, we'll ask you to start the tunnel. This is done by executing the following command:

ssh -vvv -N -R 12345:localhost:22 OUR_IP

(Where "OUR_IP" is an IP address our engineers will give you).

You need to keep this command running on your screen until we're done. If you stop the command or close your screen, then the tunnel will close, and we'll not be able to access your server.

If you want to keep the tunnel open in the background (i.e. so you can leave it open for us), you can run it in the background like this:

ssh -f -N -R 12345:localhost:22 OUR_IP

Note the addition of the -f flag which runs the command in the background.

Helpful Unhelpful

27 of 57 people found this page helpful

Add a comment

Please log in or register to submit a comment.

Need a password reminder?