Serveo is a combined SSH, HTTP, and TCP server that assigns you your own subdomain when you connect via SSH, then proxies HTTP and TCP connections to your server using SSH port-forwarding tunnels.
Serveo now allows you to expose SSH servers to the internet and conveniently connect to them, using Serveo as an SSH jump host.
Imagine you'd like to remotely access your home server or Raspberry Pi using SSH. First, on your server or Raspberry Pi, connect to the Serveo SSH server and request remote port forwarding from port 22 to your local SSH server:
ssh -R my-server-alias:22:localhost:22 serveo.net
This establishes a connection between your SSH server and Serveo, which Serveo can later use to forward SSH connections to you.
As long as that connection is open, you can connect to your server over the internet by using serveo.net as a jump host:
ssh -J serveo.net user@my-server-alias
The -J option was introduced in the OpenSSH client version 7.3. If you have an older client, you can use the ProxyCommand option instead:
ssh -o ProxyCommand="ssh -W my-server-alias:22 serveo.net" user@my-server-alias
Serveo SSH forwarding also makes an excellent tool for accessing and managing remote Internet of Things devices deployed in unpredictable network environments.
Device developers will probably want to host their own Serveo instance. In these examples, Serveo is running at my-serveo-instance.net.
Each device should use a unique id when requesting SSH forwarding, and may want to connect on port 443 (usually used for HTTPS) in case the network disallows outbound traffic on port 22:
ssh -p 443 -R device-id:22:localhost:22 my-serveo-instance.net
Then, of course, any device can be accessed by its id:
ssh -J my-serveo-instance.net root@device-id
When SSH is used properly, using serveo.net doesn't give Serveo access to your server, nor does it expose data to Serveo. Serveo copies encrypted data between your SSH server and client, but has no way of decrypting the data or sending commands to your server.
To use SSH safely, you must verify that the host key fingerprint is correct; otherwise, you may be susceptible to a man-in-the-middle attack.