Forward SSH through SSH tunnel

ssh linux port-forwarding ssh-tunnel

My situation :

Me(localhost) -> Server A(ip:100.100.100.100) =>(server B(ip:192.168.25.100),server....)

i'm able to SSH into server since it has a true ip if i then want to connect to server b, i would ssh server b with it's ip(192.168.25.100)

example:

from my pc: 

ssh [email protected]

then in 100.100.100.100, 

ssh [email protected]

this would get me to server B with ssh

what if i want to connect to server b directly? how can i do that?

example:

from my oc:

[email protected]

i have tried the following:

ssh -L 22:localhost:22 [email protected]

without success


Solution 1:

Your problem is in binding a listener to localhost:22; there's already an sshd listening on that. Tunnelling an ssh connection through an ssh connection is completely lawful, and I do it all the time, but you need to pick unused ports for your forwarding listeners.

Try

me% ssh [email protected] -L 2201:192.168.25.100:22

then

me% ssh localhost -p 2201

You should end up on server B (unless something's already bound to me:2201, in which case, pick another port).

Solution 2:

You don't have to use ssh port forwarding to ssh into an internal computer through a proxy. You can use the ssh feature of executing a command on the first server you connect to in order to ssh into a 3rd computer.

ssh -t [email protected] ssh [email protected]

The -t option forces ssh to allocate a pseudo-tty so you can run an interactive command.

This can work with ssh keys as well. If you have your private and public key on machine A and your public key in the authorized keys files on machines B and C, then you can use the -A option to forward the authentication agent connection.

Solution 3:

As of OpenSSH 7.3 (late 2016) the easiest way is the ProxyJump setting. In your ~/.ssh/config:

Host B
  ProxyJump A

Or on the command line, , -J B.

Solution 4:

I used a different solution. I used a ProxyCommand option (here in ~/.ssh/config):

Host myinsidehost1 myinsidehost2 myinsidehost3
ProxyCommand ssh externalhost ssh %h sshd -i

This doesn't set up any port-to-port tunnel, instead tunnels ssh by using standard stdin/out. This method has a drawback that there are actually three ssh connections to authenticate. But to connect to the internal host you just type:

ssh myinsidehost2

...so you do not need to care about choosing any IP for that tunnel.

Related

Windows XP PCs in company network
Where does the route to 169.254.0.0 comes from?
How to solve `configure: error: Cannot find OpenSSL's <evp.h>`?
What command prints a string as "big ascii text art" in bash? [closed]
Is it valid to have part of an IPv4 address set to zero?
BASH Scripting, su to www-data for single command
What's the maximum number of IPs a DNS A record can have?
Pay no attention to that SAN behind the curtain
How to reclaim all/most free space from a sparsebundle on OS X
Is there a way to run virt-manager on Windows?
How bad is setting MySQL's bind-address to 0.0.0.0?
Proxy Pass not working