Usage
The sshforward.net client makes your local SSH server reachable from the internet through an encrypted tunnel.
Quickstart
1. Sign Up
Create a free account and pick your handle (e.g. alice).
2. Download & Install
Download the client, then on the machine you want to reach:
sudo sshforward.net install
The installer logs you in, registers your machine, and starts a system service.
Your machine gets a name like myserver.alice and stays online automatically — even after reboots.
3. Connect
From any other computer:
sshforward.net connect myserver.alice
That's it. Your machine is now reachable from anywhere.
Connecting to Your Machines
Once your machine is online, connect to it from anywhere:
sshforward.net connect remote-machine
Or using standard SSH with sshforward.net as a jump host:
ssh remote-machine -J sshforward.net
Or connect directly from your browser — open your machine's page in the dashboard and click Connect in Browser. No SSH client required.
Secure Connect
By default, anyone who knows your machine's name can connect to it. Secure Connect restricts access so that only you and your team members can reach the machine.
When enabled:
- The jump host method (
ssh -J) is disabled — only sshforward.net connect works
- Connection attempts from other users are rejected
To enable it, open your machine's page in the dashboard and toggle Enable Secure Connect.
You can also enable Secure Connect by default for all newly registered machines in your account settings.
Dashboard
You can view running status and metrics of running logged in machines online:
Installation as a Service
You can install the client as a system service. It will start alongside the system and automatically
reconnect when needed:
sudo sshforward.net install
Or with disabled metrics:
sudo sshforward.net --no-metrics install
Uninstalling
Use sudo sshforward.net uninstall to uninstall the service.
On macOS, use:
sudo sshforward.net uninstall-pkg
This command removes the installed package.
Ad-Hoc Connections (No Registration)
You can use sshforward.net without an account for quick, temporary connections.
- Start Client using
sshforward.net adhoc -e which
will print your name <remote>
Show
$ sshforward.net adhoc -e
Username for SSH-Server: user1
Password for SSH-Server: UrPpeDbquKmV
It works! you are now connected to sshforward.net
In order to reach your machine using, enter:
sshforward.net connect remote
or
ssh remote -J sshforward.net
- Now simply connect to it using
sshforward.net connect <remote> or ssh <remote> -J sshforward.net
- To use your system's SSH, omit the
-e argument
- For more options see
sshforward.net adhoc --help
For a detailed walkthrough, see the ad-hoc connections guide.
Docker
Using the docker image, it's easy to create a permanent service running.
- The client docker image is available as
docker.sshforward.net/client
- Anonymous Session:
sudo docker run --network=host -it --rm docker.sshforward.net/client adhoc
- Starting a logged in Session
$ sudo docker run --network=host -it --name sshforward docker.sshforward.net/client run-logged-in
Username: < your username >
Password: < your password >
Hello client, you are logged in.
Logged in
# Running:
$ sudo docker start sshforward
- Automatically starting service upon restart:
sudo docker update --restart=unless-stopped sshforward
- Ephemeral Container
- You may run it temporarily
--rm, while maintaining a persistent state through a named volume.
- Only the first time you run it, you'll be prompted to log in.
sudo docker run -v sshforward-config:/config --network=host -it --rm docker.sshforward.net/client
Running a Single Session
If you don't want to install a system service, you can run the client directly:
sshforward.net run
This starts a single session in the foreground — no sudo required. Your machine stays online as long as the process runs. Useful for quick access or testing before committing to a full install.
Embedded SSH Server
If the target machine doesn't have an SSH server, sshforward.net includes a built-in one. Just add -e:
sshforward.net run -e
A random password is generated on each run and only printed once. You can set one, using
--embedded-ssh-password <password>.
Add -r to let sshforward.net use the last password.
For more configuration options, call sshforward run --help.
Options
Metrics
By default, system metrics (e.g. CPU Usage, Operating System Name, Free Disk Space) are sent to the backend. You can
disable this by updating the setting:
sshforward.net --no-metrics persist
Metrics are shown upon Machines section if you log in, helping you to keep an eye on your machines.
How It Works
NAT and Dynamic IP Addresses
Inside a strict NAT network one can't simply connect to a client.
sshforward helps here out by acting as a link between two clients.
Firewalls
Firewall configurations may prevent an incoming and or outgoing connections on port 22.
If you use the connect method of sshforward, alls connections are done via HTTPS on Port 443, helping to avoid potential
firewall issues.
Security
- The connection between the client and our server is encrypted using TLS
- The connection to your machine is end-to-end encrypted by SSH.
- The browser terminal is also end-to-end encrypted — the SSH protocol runs entirely in your browser, so our server never sees your session.
FAQ
- Are permanent connections available?
- Permanent connections are possible using logged in sessions.
- Do you need a running SSH Server?
- No, it is recommended, but sshforward.net also contains an integrated one, however still limited.
- Are other platforms (e.g. Windows) supported?
- We are working on it.
- Which ports are used?
- We use port 443 (outgoing) for communication. The SSH Jump server is using port 22 for incoming connections. The
connect method only uses 443.
- How does sshforward compare to other tools?
- See our detailed comparisons:
