Here's a great discussion on setting up an ssh tunnel via multiple hops. And another.
http://superuser.com/questions/96489/ssh-tunnel-via-multiple-hops
http://sshmenu.sourceforge.net/articles/transparent-mulithop.html
Problem-
Tunneling data over ssh is pretty straightforward:
ssh -D9999 username@foreignhost.com
sets up port 9999 on your localhost as a tunnel to foreignhost.com, but I have a more specific need:
I am working locally on localhost
host1 is accessible to localhost
host2 only accepts connections from host1
I need to create a tunnel from localhost to host2
Effectively I want to create a "multi-hop" ssh tunnel. How can I do this? Ideally, I'd like to do this without needing to be superuser on any of the machines.
Solution-
You basically have three possibilities:
1) Tunnel from localhost to host1:
ssh -L 9999:host2:1234 -N host1
As noted above, the connection from host1 to host2 will not be secured.
2) Tunnel from localhost to host1 and from host1 to host2:
ssh -L 9999:localhost:9999 host1 ssh -L 9999:localhost:1234 -N host2
This will open a tunnel from localhost to host1 and another tunnel from host1 to host2. However, the port 9999 to host2:1234 can be used by anyone on host1. This may or may not be a problem.
3) Tunnel from localhost to host1 and from localhost to host2:
ssh -L 9998:host2:22 -N host1
ssh -L 9999:localhost:1234 -N -p 9998 localhost
This will open a tunnel from localhost to host1 through which the SSH service on host2 can be used. Then a second tunnel is opened from localhost to host2 through the first tunnel.
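Option 3 can also be written as a single command with OpenSSH's ProxyJump option (-J, OpenSSH 7.3 and later). The sketch below is an added example, not part of the original answer: it validates its arguments and prints that command with the listener bound to loopback only. host1, host2 and ports 9999/1234 are the values used above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build the single-command form of option 3 (ProxyJump).
# Function names are hypothetical; hosts and ports are the page's values.

# Accept only plain "host" or "user@host" tokens. Anything starting with "-"
# is rejected so a crafted name cannot be parsed by ssh as an option.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9@._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Accept only decimal TCP ports in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: tunnel_cmd JUMP_HOST TARGET_HOST LOCAL_PORT TARGET_PORT
# Prints the ssh command instead of running it, so it can be reviewed first.
tunnel_cmd() {
    [ "$#" -eq 4 ] || { echo "usage: tunnel_cmd jump target lport rport" >&2; return 2; }
    valid_host "$1" && valid_host "$2" || { echo "invalid host name" >&2; return 1; }
    valid_port "$3" && valid_port "$4" || { echo "invalid port" >&2; return 1; }
    # -J jump: the SSH session to the target runs end to end through the jump
    #   host, so the host1 -> host2 leg is encrypted and no forwarding port
    #   is opened on host1 (the concerns noted for options 1 and 2).
    # 127.0.0.1 bind: the local listener is reachable only from this machine.
    # ExitOnForwardFailure=yes: exit rather than run without the forward.
    printf 'ssh -J %s -L 127.0.0.1:%s:localhost:%s -o ExitOnForwardFailure=yes -N %s\n' \
        "$1" "$3" "$4" "$2"
}

# The page's scenario: localhost -> host1 -> host2, local 9999 to host2:1234.
tunnel_cmd host1 host2 9999 1234
```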