Forward SSH traffic through a middle machine

SSH tunneling is very confusing to me. I am wondering if I can do this in Linux.

Asked by: Guest | Views: 185
Total answers/comments: 4
Guest [Entry]

"For interactive shell you can use this simple command:

ssh -J <user>@<hostB> <user>@<hostC>

The -J option is for jump."
Guest [Entry]

"If your employer provides a VPN, I'd recommend using that instead.

That way, you won't have to configure any applications specially (even ssh), and you can see any machine behind the firewall. Additionally, all of your traffic will be encrypted by the VPN software, which will add security to any inadvertently or deliberately unencrypted traffic."
Guest [Entry]

"YASS Yet Another Simple Solution

ssh -f -L 2222:HostC_IP_or_Name:22 userOnB@hostB sleep 10 &&
ssh -o HostKeyAlias=HostC -p 2222 userOnC@localhost

The first command opens an SSH connection to HostB and tells HostB to forward connections from localhost:2222 to HostC:22.
The -f parameter tells SSH to go to the background once the connection is established.
The second command simply opens a client connection to localhost:2222.
The HostKeyAlias option is not required, but could help to prevent connecting to the wrong host.
Note: the sleep 10 command is needed to maintain the connection until the second ssh command uses the forwarded port. The first ssh will then close when the second ssh leaves the forwarded port.

You could now run subsequent ssh sessions:

ssh -o HostKeyAlias=HostC -p 2222 userOnC@localhost

Variant:

ssh -f -L 2222:HostC_IP_or_Name:22 userOnB@hostB sleep 10 &&
ssh -M -S ~/.ssh/ssh_HostC22userOnC.sock -o HostKeyAlias=HostC -p 2222 userOnC@localhost

Subsequent ssh sessions could be opened by running:

ssh -S ~/.ssh/ssh_HostC22userOnC.sock userOnC@localhost

The main advantage of using the -M and -S parameters is that only one connection is opened from HostA to HostC; subsequent sessions won't authenticate again and run a lot quicker."
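The -J jump from the first answer and the shared -M/-S connection from the answer above can be kept together in ~/.ssh/config on hostA. This is an added example, not part of any answer; the host and user names are the placeholders used in the answers, and the socket file name and the 10-minute persistence are assumptions.

```sshconfig
# ~/.ssh/config on hostA (added example; names are the thread's placeholders)

# The middle machine. hostA authenticates to it directly.
Host hostB
    HostName hostB
    User userOnB

# The target, reached through hostB.
Host hostC
    # This name is resolved on hostB, so it can be an internal name or address.
    HostName HostC_IP_or_Name
    User userOnC
    # Config-file form of "ssh -J" (OpenSSH 7.3 and later).
    ProxyJump hostB
    # Share one authenticated connection between sessions (what -M / -S do).
    ControlMaster auto
    # Assumed socket name: %r = remote user, %h = host, %p = port.
    ControlPath ~/.ssh/cm-%r@%h-%p.sock
    # Assumed value: keep the master open 10 minutes after the last session.
    ControlPersist 10m
    # ProxyJump needs neither keys nor an agent on hostB.
    ForwardAgent no
```

With this in place, `ssh hostC` is enough. Because the SSH session to hostC runs end to end from hostA, hostC's host key is checked on hostA under the name hostC, and hostB only relays the encrypted stream.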
Guest [Entry]

"Special case, mixed nix platforms:

  hostA (linux) -> HostB (solaris) -> HostC (linux)

If you need an X application on hostC, and the intermediate hop is on a Solaris box... in this case I found that netcat (nc) is needed in the ProxyCommand, like so:

hostA:~$ vi .ssh/config:

Host hostC
    # nc is netcat
    ProxyCommand ssh hostB nc %h %p

Then automatic tunneling works:

hostA:~$ ssh hostC"