Forward SSH through SSH tunnel

My situation :

Me(localhost) -> Server A(ip:100.100.100.100) =>(server B(ip:192.168.25.100),server....)

i'm able to SSH into server since it has a true ip if i then want to connect to server b, i would ssh server b with it's ip(192.168.25.100)

example:

from my pc:

ssh [email protected]

then in 100.100.100.100,

ssh [email protected]

this would get me to server B with ssh

what if i want to connect to server b directly? how can i do that?

example:

from my oc:

[email protected]

i have tried the following:

ssh -L 22:localhost:22 [email protected]

without success


Solution 1:

Your problem is in binding a listener to localhost:22; there's already an sshd listening on that. Tunnelling an ssh connection through an ssh connection is completely lawful, and I do it all the time, but you need to pick unused ports for your forwarding listeners.

Try

me% ssh [email protected] -L 2201:192.168.25.100:22

then

me% ssh localhost -p 2201

You should end up on server B (unless something's already bound to me:2201, in which case, pick another port).

Solution 2:

You don't have to use ssh port forwarding to ssh into an internal computer through a proxy. You can use the ssh feature of executing a command on the first server you connect to in order to ssh into a 3rd computer.

ssh -t [email protected] ssh [email protected]

The -t option forces ssh to allocate a pseudo-tty so you can run an interactive command.

This can work with ssh keys as well. If you have your private and public key on machine A and your public key in the authorized keys files on machines B and C, then you can use the -A option to forward the authentication agent connection.

Solution 3:

As of OpenSSH 7.3 (late 2016) the easiest way is the ProxyJump setting. In your ~/.ssh/config:

Host B
  ProxyJump A

Or on the command line, , -J B.

Solution 4:

I used a different solution. I used a ProxyCommand option (here in ~/.ssh/config):

Host myinsidehost1 myinsidehost2 myinsidehost3
ProxyCommand ssh externalhost ssh %h sshd -i

This doesn't set up any port-to-port tunnel, instead tunnels ssh by using standard stdin/out. This method has a drawback that there are actually three ssh connections to authenticate. But to connect to the internal host you just type:

ssh myinsidehost2

...so you do not need to care about choosing any IP for that tunnel.