ngrok is useful when you need short-term SSH access to a machine that is behind NAT or does not have a public IP. It creates a public TCP endpoint and forwards traffic to local SSH on port 22.
Use ngrok only when you need it. The TCP endpoint is a public entry point, so use a strong password or SSH key and stop the tunnel when you are done.
Requirements
- SSH already works locally on the Mac, Linux machine, or Windows PC.
- The ngrok agent is installed on that machine.
- Your ngrok account has an authtoken.
- TCP endpoints are available for your account. ngrok notes that free-plan TCP endpoints require a valid payment method.
Install and Authenticate
On macOS:
brew install ngrok
ngrok config add-authtoken YOUR_NGROK_AUTHTOKEN
On Windows, install ngrok from the official download or with a package manager, then run the same authtoken command in PowerShell:
ngrok config add-authtoken YOUR_NGROK_AUTHTOKEN
Start SSH Forwarding
Run this on the host machine:
ngrok tcp 22
ngrok prints a forwarding address similar to:
Forwarding tcp://0.tcp.ngrok.io:12345 -> localhost:22
For Redock, split that address into Host and Port:
Host: 0.tcp.ngrok.io
Port: 12345
Username: your-host-username
Connection Mode: SSH
Auth: SSH Key
Do not include tcp:// in the Host field.
Keep the Address Stable
Random TCP endpoints can change each time the tunnel starts. If you need a stable address, create a TCP Address in the ngrok Dashboard, then start the tunnel with that assigned host and port.
ngrok tcp 22 --url tcp://1.tcp.eu.ngrok.io:12345
The exact hostname and port are assigned by ngrok. You cannot choose arbitrary TCP hostnames or ports.
Security Notes
- Prefer SSH Key authentication.
- Restrict SSH users on the host.
- Stop ngrok when the session is finished.
- Do not expose weak-password SSH through ngrok.
- For everyday private access, prefer Tailscale over a public TCP endpoint.
- Mosh does not work through a simple ngrok TCP SSH tunnel, because Mosh switches to UDP after SSH bootstrap.
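A pre-flight check for the notes above, as an added example that is not part of the original page: it reads the effective OpenSSH server settings printed by sshd -T and flags password login, root login, and missing user restrictions before the tunnel is started. The function name, the sample settings, and the choice to treat keyboard-interactive login as a finding are assumptions of this example; it targets OpenSSH on macOS or Linux.

```shell
#!/bin/sh
# Added example, not from the original page or from ngrok/Redock.
# Reads `sshd -T` style output ("keyword value" lines) on stdin and reports
# settings that conflict with the security notes. Returns 1 if any are found.
audit_sshd_for_tunnel() {
    awk '
        function finding(msg) { print "FINDING: " msg; n++ }
        { key = tolower($1); val = tolower($2) }
        key == "passwordauthentication" { pw = val }
        # ChallengeResponseAuthentication is the older alias for this keyword.
        key == "kbdinteractiveauthentication" || key == "challengeresponseauthentication" { kbd = val }
        key == "pubkeyauthentication"   { pk = val }
        key == "permitrootlogin"        { root = val }
        key == "allowusers" || key == "allowgroups" { restricted = 1 }
        END {
            # Keywords missing from the input fall back to upstream OpenSSH defaults.
            if (pw == "")  pw = "yes"
            if (kbd == "") kbd = "yes"
            if (pk == "")  pk = "yes"
            if (pw != "no")    finding("PasswordAuthentication is " pw "; set it to no")
            if (kbd != "no")   finding("KbdInteractiveAuthentication is " kbd "; set it to no")
            if (pk != "yes")   finding("PubkeyAuthentication is " pk "; key login will not work")
            if (root == "yes") finding("PermitRootLogin is yes; use prohibit-password or no")
            if (!restricted)   finding("no AllowUsers/AllowGroups; any account can attempt login")
            if (n == 0) print "OK: key-only SSH with restricted users"
            exit (n > 0)
        }
    '
}

# Constructed samples of `sshd -T` output (not captured from a real host).
WEAK_SAMPLE='passwordauthentication yes
kbdinteractiveauthentication yes
pubkeyauthentication yes
permitrootlogin yes'

HARDENED_SAMPLE='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
permitrootlogin no
allowusers your-host-username'

# Demo on the constructed weak sample; the || keeps the script exit status 0.
printf '%s\n' "$WEAK_SAMPLE" | audit_sshd_for_tunnel || echo "Fix sshd_config before running: ngrok tcp 22"
# On a real host: sudo sshd -T | audit_sshd_for_tunnel && ngrok tcp 22
```

sshd -T prints the configuration the server would actually apply, including values pulled in through Include files, so it is a better input than reading sshd_config by hand.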
Troubleshooting
- Redock cannot connect: confirm ngrok is still running and the Host/Port match the latest forwarding address.
- Authentication failed: ngrok forwarding works, but the SSH username, password, or key is wrong.
- Address changed: update the Redock Host or use a reserved TCP Address.
- ngrok tcp 22 is rejected: check account plan, billing, and TCP endpoint availability in the ngrok Dashboard.