HTTPS over SSH tunnels
Managing devices at remote sites without a VPN can be tricky. I frequently find myself needing to access devices behind a remote router, in most cases a Ubiquite Edgerouter or other unix based router. If both devices support SSH this is simple, SSH to the router then SSH to the end device. Sometimes the end device only supports HTTP or other obscure management protocols, in which case we look to SSH Tunneling.
SSH Tunneling allows us to port forward across a ssh tunnel. Here is the command, feel free to modify as you see fit.
ssh -L [local port]:[remote device]:[remote device port] [username]@[remote ssh tunnel host]
For example, lets say we have a remote router, 172.16.251.2, with a device behind it that can only be managed via https at 10.16.251.11. Lets forward that https management port back across the ssh tunnel.
ssh -L 8443:10.16.251.11:443 admin@172.16.251.2
From this point we can access the web management through our local web browser
https://127.0.0.1:8443
Here is the same example, just with http instead of https.
ssh -L 8080:10.16.251.11:80 admin@172.16.251.2
http://127.0.0.1:8080