Balena ssh tunnel to device container

Can I setup an ssh tunnel directly to an application container running on the device?

You can easily get an interactive session to a container:

$ balena ssh f49cefd my-service

I don’t see the option for an actual tunnel, though. Hopefully someone else chimes in.

Thanks for your reply crbn60. I’m specifically looking for tunnelling as I want to run some other services over the tunnel.

Hi, did you already try the balena tunnel CLI command? See

I had never seen that command at all! Brilliant.

Quick ref:

Tunnel local ports to your balenaOS device.

  $ balena tunnel <deviceOrApplication>

  <deviceOrApplication>  device uuid or application name/id

  -h, --help         show CLI help
  -p, --port <port>  port mapping in the format <remotePort>[:[localIP:]localPort]

  Use this command to open local ports which tunnel to listening ports on your balenaOS device.

  For example, you could open port 8080 on your local machine to connect to your managed balenaOS
  device running a web server listening on port 3000.

  Port mappings are specified in the format: <remotePort>[:[localIP:]localPort]
  localIP defaults to 'localhost', and localPort defaults to the specified remotePort value.

  You can tunnel multiple ports at any given time.

  Note: Port mappings must come after the deviceOrApplication parameter, as per examples.

  # map remote port 22222 to localhost:22222
  $ balena tunnel myApp -p 22222

  # map remote port 22222 to localhost:222
  $ balena tunnel 2ead211 -p 22222:222

  # map remote port 22222 to any address on your host machine, port 22222
  $ balena tunnel 1546690 -p 22222:

  # map remote port 22222 to any address on your host machine, port 222
  $ balena tunnel myApp -p 22222:

  # multiple port tunnels can be specified at any one time
  $ balena tunnel myApp -p 8080:3000 -p 8081:9000