Wednesday, June 15, 2011

Working Remotely

At Adku, every engineer we hire gets a quad-core iMac with a 12GB memory upgrade and a 15-inch quad-core MacBook Pro with maximum memory upgrades (8GB).  When we're working remotely on our laptops, sometimes we'll realize that we forgot to check-in a piece of code that is sitting on our iMac at work.  If we could ssh into the iMac, we'd be able to check it in and continue where we left off.  The problem is our office is behind multiple NATs which make it hard to set up port forwarding and as a fast moving startup, it's not worth the time to set up our own name server.  We needed something quick and easy.  What we ended up doing was setting up SSH tunnels from our machines at work to an Amazon EC2 instance we call gateway.adku.com.  With the tunnel set up, accessing our machines at work is as simple as SSH'ing to the right port on gateway.adku.com.  Here is how to set one up for yourself.

    On Work Machine:
    # create security group and authorized ports
    # this assumes that you have an amazon ec2 account and 
    # ami-tools and api-tools setup.  
    # setting all that up is straightforward, but outside the scope of this post
    ec2-add-group --region us-east-1 gateway -d gateway
    ec2-authorize --region us-east-1 -p 22 gateway

    # create your gateway machine.
    # your ami may differ.  ubuntu likes to update its amis very often.  
    # also your keypair may have a different name, adjust accordingly
    ec2-run-instances ami-ee857587 --instance-type m1.small --region us-east-1 -k gsg-keypair-east -g gateway

    # note the public url of the newly created machine
    # also optionally setup an easier DNS name such as gateway.adku.com

    On Gateway Machine:
    sudo echo "GatewayPorts yes" >> /etc/ssh/sshd_config
    sudo /etc/init.d/ssh reload

    On Work Machine:
    # 20000 is an arbitrary port, you can choose any open port.  
    # you just have to remember it for later.
    # gateway.adku.com should also be replaced with your public dns name
    ec2-authorize --region us-east-1 -p 20000 gateway
    ssh -nNT -R gateway.adku.com:20000:localhost:22 gateway.adku.com

    And you're done!  

    Now you can get to your work machine from anywhere like this:

    On Any Machine:
    # 20000 is the port from earlier, make sure it matches

    Posted by Jesse Shieh at 2:43 PM 43 comments
    Subscribe to: Posts (Atom)