{"id":18574451,"url":"https://github.com/proofrock/filetunnel","last_synced_at":"2025-08-29T11:31:04.767Z","repository":{"id":239585265,"uuid":"799945504","full_name":"proofrock/filetunnel","owner":"proofrock","description":"Reverse tunnel to transfer a file to a system you don't have direct access to","archived":true,"fork":false,"pushed_at":"2024-12-02T13:53:52.000Z","size":55,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-17T14:49:20.879Z","etag":null,"topics":["file-server","jump-server","reverse-tunnel","secure-tunnel"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/proofrock.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-13T12:08:38.000Z","updated_at":"2024-12-02T13:54:06.000Z","dependencies_parsed_at":"2024-05-17T10:30:32.111Z","dependency_job_id":"8b4908dd-8786-4496-afb5-62e92bc3d960","html_url":"https://github.com/proofrock/filetunnel","commit_stats":null,"previous_names":["proofrock/filetunnel"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/proofrock/filetunnel","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/proofrock%2Ffiletunnel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/proofrock%2Ffiletunnel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/proofrock%2Ffiletunnel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/proofrock%2Ffiletunnel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/proofrock","download_url":"https://codeload.github.com/proofrock/filetunnel/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/proofrock%2Ffiletunnel/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272678077,"owners_count":24975064,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-29T02:00:10.610Z","response_time":87,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["file-server","jump-server","reverse-tunnel","secure-tunnel"],"created_at":"2024-11-06T23:15:26.860Z","updated_at":"2025-08-29T11:31:04.458Z","avatar_url":"https://github.com/proofrock.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003e This project has been superseded by [fileconduit](https://github.com/proofrock/fileconduit) and was archived.\u003cbr/\u003e\n\u003e While it works quite well, setting up a SSH jump server is quite complex. For this reason, `fileconduit` was born, and it uses only HTTP. Please visit it if interested.\n\n# filetunnel v0.2.0\n\n**The problem**: You need to copy a file to a remote system to which you only have shell access.\n\n**The BOM**: You have a \"jump server\" wich you can access via SSH from local, and a port on it accessible from the remote system. Nothing else is used on it, only SSH.\n\n**The solution**: You run a script on the local system. The script outputs a `curl` command. You use this `curl` on the remote system to get the file. Or you can use a browser.\n\n**The plus**: The connection is always secure and the file is only stored on the local and remote systems.\n\n---\n\nThis project aids in setting up a tunnel that serves a single file on an encrypted connection, allowing to source it from your system and download it on another system you don't have \"direct\" access to, because under a firewall or such reasons.\n\nIt employs a \"jump server\" to which it will reverse tunnel - via SSH - a local web server it creates. In principle, this jump server can be something you already have, all that is needed is SSH access to it.\n\nIt has been tested under Linux and Windows; it should reasonably work in MacOS too.\n\n## Prerequisites\n\n- A \"jump server\" that you can access via SSH from the source system;\n  - A free port on it, accessible by \"the world\";\n  - SSH on the jump server must be configured to allow remote tunnels (see below);\n- `python` v3 on the source system;\n- `curl` (or a browser) on the destination system.\n\n## Usage\n\n- First, configure the script `filetunnel.sh` (or `filetunnel.ps1` for Windows Powershell) with the needed parameters;\n- Run it with the file to transfer:\n```bash\n./fileserver.sh myFile.binary\n```\n- It will output a `curl` command to use on the destination system to download the file;\n  - You can also use a browser, dealing with the self-signed certificate warning.\n\n## Setup\n\nYou need to ensure that the jump server is set up correctly, then configure the script.\nAfter this, you can simply use it forever and ever ;-).\n\n### Source system\n\nYou'll need python3 and ssh installed. Under Windows, you can use chocolatey to install them.\n\n### The jump server\n\nThis is a \"normal\" server such as a VPS, that you can access via SSH from the source system.\n\nA port must be mapped/accessible from \"outside\", at least from the destination system.\n\nOn ssh, (reverse) tunneling must be enabled. Ensure that you have this setting in `/etc/ssh/sshd_config`:\n\n```python\nAllowTcpForwarding yes\n```\n\nWe'll also need to access the remote-forwarded port from outside. So, set:\n\n```python\nGatewayPorts clientspecified # or 'yes'\n```\n\n**WARNING!** This setting allows the forwarded port (*any* forwarded port, even for other uses) to be globally accessible. Consider the security implications of this.\n\n### Script (for the source system)\n\nDownload `filetunnel.sh` from the [release page](https://github.com/proofrock/filetunnel/releases).\n\nOpen it, and configure the variables in the first section. You'll need:\n\n- `SSH_SERVER`: address to contact the jump server from the source system, using ssh, in form `user@host`.\n- `FILE_SERVER`: IP or DNS name to contact the jump server from the destination system.\n- `PORT`: port on the jump server for the tunnel, accessible from the destination server.\n\nIf you want HTTPS, see the next section.\n\n### Setup https\n\nFirst, generate the certificates using:\n```bash\nopenssl req -newkey rsa:4096 -nodes -keyout key.pem -x509 -days 365 -out cert.pem\n```\nThis will generate a `cert.pem` and a (secret) `key.pem` files.\n\nThen configure `fileserver.sh` to use HTTPS, by setting the relevant variables: \n\n- `DO_HTTPS`: set to `1`.\n- `CERT_FILE`, `KEY_FILE`: paths to the `cert.pem` and `key.pem` files generated by `openssl`.\n\n## How it works\n\nBehind the scenes, the script creates a web server using python, on a free local port assigned by the OS, with a random URL; then reverse tunnels it on the jump server, making it available remotely. \n\nThe `curl` command/browser, when executed on the destination system, will connect to the port and download the file, assigning the correct filename to it.\n\n```mermaid\nsequenceDiagram\n    participant S as Source\u003cbr/\u003e[local system]\n    participant JS as Jump server\n    participant D as Destination\u003cbr/\u003e[remote system]\n    S-\u003e\u003eS: Open a web server locally\u003cbr/\u003efor the file to transfer\n    S-\u003e\u003eJS: Remote tunnel it\n    Note over S,JS: SSH\n    D-\u003e\u003eJS: Downloads the file\u003cbr/\u003efrom the remote tunnel\n    Note over JS,D: HTTP(S)\n    D--\u003e\u003eS: As if it was from the source\n```\n\n## Security\n\n- There is an inherent risk in doing reverse tunneling. It's a good idea to reserve the jump server to this use;\n- The connection between the source system and the jump server is protected by `ssh`;\n- The connection between the jump server and the destination system is protected by (optional) HTTPS, using a user-provided certificate;\n  - Also, the generated URL is random;\n- The local server is bound to 127.0.0.1;\n- Once transferred the file, it's good measure to terminate the script to avoid continued exposure.\n\n## Troubleshooting\n\n## To do\n\n- Adapt and fully test on MacOS\n- Optional \"one shot\" mode: when the file is downloaded, the server exists;\n- Optional compression;\n\n## Build and contribute\n\nIn the `src` folder there is a `build.sh` script that will assemble the files therein and build the \"distribution\" files.\n\nIf you have any good idea, please feel free to hack on it! The code should be fairly simple to understand and change, and doesn't have many dependencies.\n\n## License\n\n```\nfiletunnel v0.1.0 https://github.com/proofrock/filetunnel\nCopyright (c) 2024- Germano Rizzo \u003coss AT germanorizzo DOT it\u003e\nSee LICENSE file (MIT License)\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fproofrock%2Ffiletunnel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fproofrock%2Ffiletunnel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fproofrock%2Ffiletunnel/lists"}