SSH tunnel over multi hops using PuTTY
PuTTY does support SSH tunnels; if you expand the Connection, SSH tree, you'll see an entry for Tunnels.
Local tunnels produce a localhost port opening on your Windows machine that remotes to the IP address and port you specify. For instance, when I'm trying to RDP to a desktop at my house, I'll generally choose a random local port, something like 7789, then put the local IP address of the desktop (1.2.3.4:3389) as the remote host. Be sure to click "Add", then "Apply." At this point, when you RDP to 127.0.0.1:7789, you'll then connect to 1.2.3.4:3389 over the PuTTY session.
This is where the fun comes in. If you then set up a port tunnel on your intermediate box, setting up the local port you specified as the remote port in PuTTY, you can then bounce through your PuTTY, through the intermediate box, to your final destination. You'll still need to do a few SSH connects, but you'll be able to cross VNC or RDP directly from the Windows system once you're set, which is what I believe you're looking to do.
EXAMPLE
- Head over to the tunnels panel in Putty (Connections->SSH->Tunnels accessed either from the context menu if the ssh session is already active, or in the beginning connection screen when just starting putty)
- Create a tunnel with local source 15900, and remote source 127.0.0.1:15900
- Connect (if not already connected) to Gateway1.
- On Gateway1, ssh -L 127.0.0.1:15900:VNCServerIP:5900 user@Gateway2
- Once the ssh to Gateway2 is up, attempt to vnc to 127.0.0.1:15900 -- you should now see the VNC screen on the far side!
ADDED BONUS -- not many people know this, but this process can also be used to proxy IPv6/IPv4 traffic as well. SSH doesn't care what protocol it uses for the tunnels, so you can theoretically access IPv6 only hosts from an IPv4 only system, given that the ssh server is dual stack (has both IPv4 and IPv6 addresses.)
There is an alternative if you want to use PuTTY for both hops. In this example we are hopping from Gateway #1 (10.0.1.123) to Gateway #2 (10.0.1.456) to port 80 on 10.0.1.789.
- First create the hop to gateway #1. Set up the connection to the first server, then set up a tunnel to the second gateway in Connection>SSH>Tunnels. In this example we're forwarding port 2222 to the second gateway.
- Now we'll set up the second hop. We'll tunnel through the first gateway to the next gateway and set up port forwarding on the second gateway. The connection is to localhost on port 2222. This will tunnel through the running SSH connection to the second hop. On this connection we set up a port forward from port 3333 to 10.0.1.789.
Now open up a browser and navigate to 127.0.0.1:3333 and you'll tunnel through the two SSH connections to 10.0.1.789:80
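The two PuTTY sessions from the answer above, scripted with plink (PuTTY's command-line client), as an added example that is not part of the original answers. It assumes plink.exe is on PATH and that the account is called `user`; the gateway 2 and target addresses are placeholders for the answer's 10.0.1.456 and 10.0.1.789. Each forward is bound explicitly to 127.0.0.1, and the second hop is only started once the first forward is actually listening.

```powershell
# Added example (not from the original answers). Assumes plink.exe is on PATH.
$User     = 'user'            # assumed account name on both gateways
$Gateway1 = '10.0.1.123'      # first hop, as given in the answer
$Gateway2 = '<gateway2-ip>'   # placeholder: the answer's "10.0.1.456"
$Target   = '<target-ip>'     # placeholder: the answer's "10.0.1.789"

function Test-LocalPort([int]$Port) {
    # True once something accepts TCP connections on 127.0.0.1:$Port.
    $client = New-Object System.Net.Sockets.TcpClient
    try   { $client.Connect('127.0.0.1', $Port); return $true }
    catch { return $false }
    finally { $client.Close() }
}

function Start-Hop([string[]]$PlinkArgs, [int]$ListenPort, [int]$TimeoutSec = 120) {
    # Each plink opens its own console window for the host key and password prompts;
    # the listener only appears after authentication has succeeded.
    $proc = Start-Process plink -ArgumentList $PlinkArgs -PassThru
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while (-not (Test-LocalPort $ListenPort)) {
        if ($proc.HasExited -or (Get-Date) -gt $deadline) {
            if (-not $proc.HasExited) { Stop-Process -Id $proc.Id }
            throw "Forward on 127.0.0.1:$ListenPort did not come up."
        }
        Start-Sleep -Seconds 1
    }
    return $proc
}

# Hop 1: local 2222 -> Gateway2's SSH port, carried over the session to Gateway1.
$hop1 = Start-Hop @('-ssh', '-N', '-L', "127.0.0.1:2222:${Gateway2}:22", "${User}@${Gateway1}") 2222

# Hop 2: connect to Gateway2 through local 2222 and forward local 3333 -> Target:80.
try {
    $hop2 = Start-Hop @('-ssh', '-N', '-P', '2222', '-L', "127.0.0.1:3333:${Target}:80", "${User}@127.0.0.1") 3333
} catch {
    # Do not leave a half-built tunnel behind if the second hop fails.
    Stop-Process -Id $hop1.Id -ErrorAction SilentlyContinue
    throw
}

Write-Host "Tunnel ready: browse to http://127.0.0.1:3333 (close both plink windows to tear it down)."
```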