Where to begin with openziti?

Since you’ve opened port 22 for SSH - you can also create an “ssh over ziti” service.

```
# delete steps to try again... if you want :)
ziti edge delete service normalSshSvc
ziti edge delete config normalSshSvc-host.v1
ziti edge delete config normalSshSvc-intercept.v1
ziti edge delete service-policy normalSshSvc-binding
ziti edge delete service-policy normalSshSvc-dialing
ziti edge delete identity normalSshSvcServer
ziti edge delete identity normalSshSvcClient

# make some identities
ziti edge create identity device normalSshSvcServer -o normalSshSvcServer.jwt
ziti edge create identity device normalSshSvcClient -o normalSshSvcClient.jwt

# make the overlay objects
# host.v1: where the hosting tunneler sends traffic (sshd on loopback)
ziti edge create config 'normalSshSvc-host.v1' host.v1 '{"protocol":"tcp", "address":"127.0.0.1","port":22}'
# intercept.v1: the address and port the client-side tunneler intercepts
ziti edge create config 'normalSshSvc-intercept.v1' intercept.v1 '{"protocols":["tcp"],"addresses":["normalSshSvc.ziti"], "portRanges":[{"low":22, "high":22}]}'
ziti edge create service 'normalSshSvc' --configs 'normalSshSvc-intercept.v1','normalSshSvc-host.v1'
# Bind: only the server identity may host the service
ziti edge create service-policy 'normalSshSvc-binding' Bind --service-roles '@normalSshSvc' --identity-roles '@normalSshSvcServer'
# Dial: only the client identity may connect to the service
ziti edge create service-policy 'normalSshSvc-dialing' Dial --service-roles '@normalSshSvc' --identity-roles '@normalSshSvcClient'

# enroll the 'server' identity (where you will ssh to)
ziti edge enroll normalSshSvcServer.jwt
sudo ./ziti-edge-tunnel run -i normalSshSvcServer.json

# enroll the 'client' identity and use it in your "desktop edge" or ziti-edge-tunnel
ziti edge enroll normalSshSvcClient.jwt
sudo ./ziti-edge-tunnel run -i normalSshSvcClient.json
```

Run all that and you’ll be able to ssh to your machine and close port 22 :wink: