Skip to main content

Secure Remote Access for Specific Users with WebRelay

There might be situations where you need to provide temporary access to a remote service for a particular individual. Whether it's for debugging, consulting, or other activities, WebRelay has got you covered. With WebRelay, you can easily assign access rights to a specific user when initiating a service.

How to Provide User-Specific Access

1. On the Remote Machine

Step 1: Start the Echo Service

Here, we'll initiate the simple echo service using netcat:

nc -l 12345 -k -c 'xargs -n1 echo'

Breakdown of the command:

  • -l - Instructs netcat to listen for incoming connections.
  • 12345 - Specifies the port to monitor.
  • -k - Ensures netcat remains ready for subsequent connections after the current one concludes.
  • -c 'xargs -n1 echo' - Sets up an echo service to read and reflect inputs line-by-line.

Step 2: Launch the Service with User Restriction

Use the following command:

webrelay service start -p 12345 -n echo -t tcp -u 127.0.0.1 --user john.doe@email.com

What this accomplishes:

  • -n - Assigns the name 'echo' to the service.
  • -t - Designates the service type as TCP (you can also use -t http for HTTP services).
  • -u - Points to the upstream host, in this case, '127.0.0.1'.
  • -p - Provides the port number of the upstream service.
  • --user - Restricts access only to the specified user's email.

2. On the Local Machine (User-Specific)

Step 1: View Available Services

Check the services available to you:

webrelay service list

The echo service should appear in the list:

service list

Step 2: Map the Service to a Local Port

Execute:

webrelay client -n echo -p 9100

This command bridges the remote service to a local port, enabling you to use the service as if it's local. It'll be available at localhost:9100.

Step 3: Test the Connection

To test the service, use telnet:

telnet localhost 9100

To discontinue the service, hit Ctrl+C. This action will sever all active connections.

Ownership & Authority

Service ownership remains with the person who initiated it. Only they have the rights to start, halt, or modify the service. This approach guarantees that the service's control remains exclusive, reducing chances of misuse.

This enhanced documentation offers clearer steps and explanations, ensuring users can effortlessly navigate through the process of using WebRelay for user-specific remote access.