SSH, via a Jump Host, with a dynamic port number
Solution 1:
Second partial solution, inspired by @anx...
Create a socket file
ssh -R '/path/to/socket-file:localhost:22' tunnel@jh
Then, to use this socket (from the Jump Host), I can use socat:
ssh -o "ProxyCommand socat - UNIX-CLIENT:/path/to/socket-file" localhost
The use of socat seems like an unnecessary step, where I'm sure there must be a way to get the ssh command to use the socket file directly, but I can't find it yet.
I've also not found how to use this socket file from my computer (as ProxyCommand is run on localhost, not on the JumpHost).
I should also note: as the tunnel account (on the Jump Host) is very restricted (it's only there to establish these tunnel connections), I need to set StreamLocalBindMask=0111 so my account on the Jump Host can use this socket file. Likewise, the old socket file should be removed if a new connection is established, via StreamLocalBindUnlink=yes.
Both of these options need to be set on the Jump Host, in "/etc/ssh/sshd_config":
Match User tunnel
StreamLocalBindMask 0111
StreamLocalBindUnlink yes
Unfortunately, Match rules are ignored in "/etc/ssh/sshd_config.d/tunnel.conf" before OpenSSH 8.4, released September 27 2020 (bug report), and this isn't currently available on Ubuntu 20.04.1 LTS.
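A check for the Jump Host, added here as an example and not part of the original answer: with StreamLocalBindMask 0111 the socket is created with mode 0666, so the permissions of its parent directory decide which local accounts can reach the forwarded SSH port. The function name `audit_forward_socket` and the finding labels are hypothetical.

```python
import os
import socket
import stat


def audit_forward_socket(path, expected_owner_uid=None):
    """Return a list of findings for an sshd-created forwarding socket."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["missing: no socket at this path (tunnel not connected?)"]
    if not stat.S_ISSOCK(st.st_mode):
        return ["not-a-socket: path exists but is not a UNIX socket"]

    findings = []
    if expected_owner_uid is not None and st.st_uid != expected_owner_uid:
        findings.append(f"owner: uid {st.st_uid}, expected {expected_owner_uid}")

    # connect() needs write permission on the socket itself and search (x)
    # permission on the directory that contains it.
    sock_mode = stat.S_IMODE(st.st_mode)
    parent = os.path.dirname(os.path.abspath(path))
    parent_mode = stat.S_IMODE(os.stat(parent).st_mode)
    if sock_mode & stat.S_IWOTH and parent_mode & stat.S_IXOTH:
        findings.append(
            f"exposed: socket mode {sock_mode:04o} in directory mode "
            f"{parent_mode:04o} lets any local account connect"
        )

    # A socket file left behind by a dead tunnel refuses connections; this is
    # the case StreamLocalBindUnlink=yes cleans up on the next connection.
    probe = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    probe.settimeout(2)
    try:
        probe.connect(path)
    except ConnectionRefusedError:
        findings.append("stale: socket file exists but nothing is listening")
    except PermissionError:
        findings.append("no-access: this account may not connect to the socket")
    except OSError as exc:
        findings.append(f"error: {exc}")
    finally:
        probe.close()
    return findings
```

Run it as the account that is meant to use the tunnel; an empty list means the socket is live, reachable by that account, and not open to every other user on the Jump Host.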