Forward a Remote Website Service to Local via SSH (Pop!_OS, Windows)

# Forward a Remote Website Service to Local via SSH (Pop!_OS, Windows) > Author: Junner > Date: 7/16/2025 For example, if you have https service on remote Pop!_OS at `192.169.1.1:443`, and the controller side have ip `140.134.010.101` with hostname `junner`. You want to access the service at here the Windows. ## Controller: Windows 11 `win`+`R` to open a Run window, and type `powershell`. `ctrl`+`shift`+`enter` to open it with Adminstator. In the shell, start ssh service ```ps Start-Service sshd ``` Below commands are optional if you needed. You can skip and [jump](#Remote-Pop_OS) to the remote side operates part. Allow port 22 connection with rule name "OpenSSH-22" ```ps New-NetFirewallRule -Name "OpenSSH-22" -DisplayName "OpenSSH Port 22" -Protocol TCP -LocalPort 22 -Action Allow -Direction Inbound ``` To get the status of the rule: ```ps Get-NetFirewallRule -Name "OpenSSH-22" ``` Out: ```! Name : OpenSSH-22 DisplayName : OpenSSH Port 22 Description : DisplayGroup : Group : Enabled : True Profile : Any Platform : {} Direction : Inbound Action : Allow EdgeTraversalPolicy : Block LooseSourceMapping : False LocalOnlyMapping : False Owner : PrimaryStatus : OK Status : The rule was parsed successfully from the store. (65536) EnforcementStatus : NotApplicable PolicyStoreSource : PersistentStore PolicyStoreSourceType : Local RemoteDynamicKeywordAddresses : {} PolicyAppId : PackageFamilyName : ``` To remove the rule: ```ps Remove-NetFirewallRule -Name "OpenSSH-22" ``` Or disable it temporary: ```ps Disable-NetFirewallRule -Name "OpenSSH-22" ``` To enable it: ```ps Enable-NetFirewallRule -Name "OpenSSH-22" ``` Probably you want to block port 22 after all things done ('cause you'll never use it again): ``` New-NetFirewallRule -Name "Block_SSH_22" -DisplayName "Block SSH Port 22" -Protocol TCP -LocalPort 22 -Direction Inbound -Action Block ``` And check you only block port 22 from this rule: ``` Get-NetFirewallRule -Name Block_SSH_22 | Get-NetFirewallPortFilter ``` Out: ```! Protocol : TCP LocalPort : 22 RemotePort : Any IcmpType : Any DynamicTarget : Any ``` ## Remote: Pop!_OS If you're using a built-in firewall: ``` sudo ufw allow 443 sudo ufw reload ``` Forward the services via `ssh`: ```bash ssh -N -R 8080:192.168.1.1:443 junner@140.134.010.101 ``` ## Controller: Windows 11 And now we can access the website service via `https://localhost:8080/`.