sish, an open source self hosted SSH tunnelling server that publishes any local service on a public URL over a plain ssh remote forward.
sish is an open source, self hosted SSH tunnelling server, a drop in alternative to ngrok and serveo that you run on your own infrastructure. It runs an SSH server whose only job is forwarding and multiplexing, so anyone can expose a local HTTP, TCP or TLS service on a public URL using an ordinary ssh remote forward, with no custom client for end users and no third party relay in the path. One server multiplexes many concurrent tunnels for many users, with HTTP subdomains, fixed or random TCP ports, private aliases and SNI routing.
The cloudimg image is hardened and fully patched with sish preconfigured and running as a systemd service. It ships secure by default with no known credentials: authentication is forced on and the authorized key list ships empty, and first boot generates a unique SSH host identity, a unique authorized tunnel key written to a root only credentials file, and a per instance TLS certificate before the server will start, so there is never an open unauthenticated window. The tunnel ingress is kept separate from the management SSH service, a built in self test proves a real tunnel round trips, and every instance is backed by a paired deploy guide and 24/7 cloudimg support.