Wednesday, June 29, 2016

tunnel - SSH to Remote host via another host



I am trying to ssh to remote Host B, but network access control governs I am only able to do this via Host A. How would I go about doing that?




Have tried creating a tunnel to Host A
ssh -f -N -D 2222 user@hostA



Then when creating new ssh connections from Local specifying tunnel port to tunnel those connections, but can't get this working.
ssh -L 2222:hostB:22 hostA



Hosts involved:
Local
Host A (local intranet)
Host B (internet)




Flow of traffic:
Local > HostA > HostB



Any pointers would be super handy. Thanks in advance!


Answer



Your thought of using a dynamic port forward for this will never work. Think through it logically - you need to open a local port that forwards from your local machine, through hostA, to port 22 on hostB. There are a couple of ways you can achieve this. First, the inelegant, manual way:



First, set up the tunnel:




$ ssh -L2222:hostB:22 user@hostA


Then, connect to hostB:



$ ssh -p 2222 user@localhost


The preferred option is to use the ssh client's ProxyCommand directive, which can automate this for you. Add something like this to your ~/.ssh/config:




host hostB
    Hostname hostB
    ProxyCommand ssh user@hostA nc %h %p 2> /dev/null


After doing this, you can do this:



$ ssh hostB



...and the ssh client will take care of everything for you.
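
An added example, not part of the original answer: the same Local > hostA > hostB hop written with the OpenSSH client's built-in forwarding instead of nc, plus a config entry for the manual tunnel. The aliases hostB-w and hostB-tunnel are hypothetical names chosen here; hostA, hostB and user are the post's placeholders.

```sshconfig
# Added example; adjust host names and user to your environment.

# Option 1: ProxyJump (OpenSSH 7.3 and later). The client opens a
# forwarded channel through hostA itself, so hostA needs no nc binary.
# ForwardAgent no is the default; it is spelled out so the agent is
# never exposed to the jump host.
Host hostB
    HostName hostB
    ProxyJump user@hostA
    ForwardAgent no

# Option 2: clients older than 7.3 (but 5.4 or later) get the same
# behaviour with -W, which replaces "nc %h %p" on the jump host.
Host hostB-w
    HostName hostB
    ProxyCommand ssh -W %h:%p user@hostA

# Option 3: for use with the manual "ssh -L2222:hostB:22 user@hostA"
# tunnel. HostKeyAlias records and checks hostB's key under the name
# "hostB" rather than "[localhost]:2222", so reusing local port 2222
# for a different target later is caught as a key mismatch for that
# target instead of being confused with this one.
Host hostB-tunnel
    HostName localhost
    Port 2222
    HostKeyAlias hostB
```

Options 1 and 2, like the -L tunnel, need TCP forwarding permitted by hostA's sshd (AllowTcpForwarding). In every variant the SSH session to hostB is negotiated end to end from Local, so hostA relays encrypted bytes and hostB's host key is still verified by the local client.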

