Ct

Chisel TCP/UDP Tunnel on Ubuntu 24.04 LTS

Azure Networking

Chisel, a fast TCP/UDP tunnel transported over HTTP and secured via SSH, from a single self contained binary.

Base
Hardened build
minimal ports, security patches applied at build time
Access
Unique credentials
generated on first boot, readable only by root
Verified
Boots working
services pass a health gate before release
Support
24/7, 365 days
by email and live chat, 24 hour response SLA

Overview

Chisel is a fast TCP/UDP tunnel, transported over HTTP and secured via SSH. A single self contained Go binary is both the server and the client: it multiplexes tunnelled connections over one HTTP connection and authenticates the endpoints with an SSH key exchange, so it traverses restrictive firewalls and proxies while staying end to end encrypted.

It suits teams that need to reach a service behind a firewall or NAT, forward a database or admin port to a workstation, build a lightweight encrypted jump point into a private network, or run a SOCKS capable proxy hop, all authenticated and fingerprint pinned.

Why the cloudimg image

cloudimg delivers Chisel fully installed and running as a server under systemd, so a tunnel endpoint is listening within minutes of launch. The image is secure by default: there is no password or server key baked in, and a unique username, password and SSH server key are generated on the machine's first boot and never shipped inside the image. The server is started with an authentication file so unauthenticated clients are rejected, and reverse tunnels are left off so clients cannot open inbound listeners on the server. The operating system ships fully patched with unattended security updates enabled, and every image includes 24/7 cloudimg support and a step by step deploy guide tested against the exact image you launch.

Common uses

  • Reach a service behind a firewall or NAT by tunnelling it over an authenticated, fingerprint pinned HTTP connection
  • Forward a database, admin or application port from a private network to your workstation
  • Run a lightweight encrypted jump point or SOCKS proxy hop into your own cloud network