Forward SSH through SSH tunnel
My situation:
Me(localhost) -> Server A(ip:100.100.100.100) =>(server B(ip:192.168.25.100),server....)
I'm able to SSH into the server since it has a true IP. If I then want to connect to server B, I would ssh to server B with its IP (192.168.25.100).
example:
from my pc:
ssh [email protected]
then, on 100.100.100.100:
ssh [email protected]
This would get me to server B with ssh.
What if I want to connect to server B directly? How can I do that?
example:
from my pc:
[email protected]
I have tried the following:
ssh -L 22:localhost:22 [email protected]
without success.
Solution 1:
Your problem is in binding a listener to localhost:22; there's already an sshd listening on that. Tunnelling an ssh connection through an ssh connection is completely lawful, and I do it all the time, but you need to pick unused ports for your forwarding listeners.
Try
me% ssh [email protected] -L 2201:192.168.25.100:22
then
me% ssh localhost -p 2201
You should end up on server B (unless something's already bound to me:2201, in which case, pick another port).
Solution 2:
You don't have to use ssh port forwarding to ssh into an internal computer through a proxy. You can use the ssh feature of executing a command on the first server you connect to in order to ssh into a 3rd computer.
ssh -t [email protected] ssh [email protected]
The -t option forces ssh to allocate a pseudo-tty so you can run an interactive command.
This can work with ssh keys as well. If you have your private and public key on machine A and your public key in the authorized keys files on machines B and C, then you can use the -A option to forward the authentication agent connection.
Solution 3:
As of OpenSSH 7.3 (late 2016) the easiest way is the ProxyJump setting. In your ~/.ssh/config:
Host B
ProxyJump A
Or on the command line, -J B.
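To see what the ProxyJump setting from Solution 3 actually resolves to, here is an added example (not code from any of the answers above) that parses a small ssh_config-style text, follows ProxyJump recursively, and prints the equivalent -J command line. The config text is constructed for the example; it also refuses a ProxyJump cycle, which would otherwise make ssh recurse until it hits its hop limit.

```python
"""Resolve the ProxyJump chain for a host from ssh_config-style text."""
from typing import Dict, FrozenSet, List

# Constructed sample config (not from the question): B is reached via A.
SAMPLE_CONFIG = """
Host A
    HostName 100.100.100.100
    User admin

Host B
    HostName 192.168.25.100
    ProxyJump A
"""


def parse_config(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal ssh_config parser: Host alias -> {lowercased option: value}.
    Exact aliases only (no wildcards); the first occurrence of an option
    wins, as in ssh itself."""
    hosts: Dict[str, Dict[str, str]] = {}
    current: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            current = value.split()
            for alias in current:
                hosts.setdefault(alias, {})
        else:
            for alias in current:
                hosts[alias].setdefault(key, value)
    return hosts


def resolve_chain(hosts: Dict[str, Dict[str, str]], target: str,
                  seen: FrozenSet[str] = frozenset()) -> List[str]:
    """Jump hosts traversed before reaching target, outermost first.
    A jump host's own ProxyJump is followed too; a cycle raises."""
    if target in seen:
        raise ValueError(f"ProxyJump cycle involving {target}")
    chain: List[str] = []
    for hop in hosts.get(target, {}).get("proxyjump", "").split(","):
        hop = hop.strip()
        if hop and hop.lower() != "none":
            chain += resolve_chain(hosts, hop, seen | {target}) + [hop]
    return chain


def jump_command(hosts: Dict[str, Dict[str, str]], target: str) -> str:
    """The equivalent one-liner using -J, the command-line form of ProxyJump."""
    chain = resolve_chain(hosts, target)
    return f"ssh -J {','.join(chain)} {target}" if chain else f"ssh {target}"
```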
Solution 4:
I used a different solution. I used a ProxyCommand option (here in ~/.ssh/config):
Host myinsidehost1 myinsidehost2 myinsidehost3
ProxyCommand ssh externalhost ssh %h sshd -i
This doesn't set up any port-to-port tunnel; instead it tunnels ssh over standard stdin/stdout. This method has the drawback that there are actually three ssh connections to authenticate. But to connect to the internal host you just type:
ssh myinsidehost2
...so you do not need to care about choosing any IP for that tunnel.