I want to access a remote folder on a server B that is accessible only via a server A. I have accounts on both machines.
To access a terminal on B I would first connect to A via ssh, and then hop to B.
To use a port on B I would do the same, establishing a port mapping via ssh tunneling.
But what can I do to access a folder on B from a graphical file manager, like dolphin, using a protocol like fish? How can I establish the intermediate connection?
I have tried the indirect way of creating a tunnel from localhost:port to the intermediate machine, and from there to the target machine, and connect to fish://localhost:port on the file manager, but keep getting connection refused.
You can do that using standard sshfs if you configure the intermediate machine as a proxy in your client configuration (default location is ~/.ssh/config):
Host <remote>
    ProxyCommand ssh -W %h:%p proxy
Host proxy
    Hostname <real-proxy>
where <remote> is the hostname / IP address of the remote machine (%h will be replaced by it later). <real-proxy> is the hostname / IP address of the intermediate machine.
Then you can mount your remote filesystem locally and access it using whatever graphical file manager you like:
sshfs <remote>:/remote/path /mnt/mountpoint
I need to reach an ftp host that has whitelisted some ip addresses. In order to access the host via these whitelisted ips I need to jump through HOST B that is not publicly accessible. I need to jump through HOST B via HOST A that is publicly accessible.
I want to use an ftp client locally to access the ip-restricted ftp host. How can I do this via a combination of the ssh config file and ssh commands?
I tinkered but was unable to get anything sensible.
I'm developing a webhook that requires direct access from a public domain to an internal machine. I'm thinking of using an SSH tunnel to forward the data, or is there an alternative solution?
The hosting server and the development machine are in the same network
192.168.1.2/24 (Hosting server)
The 2nd machine is a virtual mapping using the FortiClient firewall, without a static or dynamic IP visible to the hosting server, so there is only 1-way initial communication right now.
In this case, is it possible to set up an SSH tunnel to forward all traffic from 192.168.1.2:80 to be handled on the development machine's port 8080?
What would the ssh syntax look like?
Thanks.
This could be done by setting up an SSH tunnel to the remote machine:
ssh -L localhost:80:localhost:8080 development-system
Every request to port 80 on the hosting-server is now forwarded to port 8080 on the development-system.
Please note that port 80 on the hosting-server can only be used when you start the SSH command as root. Also note that port 80 is only accessible from the hosting-server. To access port 80 on the hosting-server from everywhere, use the following:
ssh -L '*:80:localhost:8080' development-system
Be sure that you want that.
A good introduction to the topic can be found at:
https://www.ssh.com/ssh/tunneling/example
https://unix.stackexchange.com/questions/115897/whats-ssh-port-forwarding-and-whats-the-difference-between-ssh-local-and-remot
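An added example (not part of the answer above) for checking which address a forward is actually listening on: a forward bound to localhost is reachable only from the machine itself, while a wildcard bind address opens it to the whole network. The audit_forwards function and the sample ss output are constructed for illustration; the check also covers sshd-owned listeners created by reverse (-R) forwards, which goes beyond the -L case in the answer.

```shell
#!/bin/sh
# Added example: classify listening sockets owned by ssh (client forwards)
# and sshd (reverse forwards) as loopback-only or reachable from the network.
# Usage on a live host: ss -ltnp | audit_forwards [SSHD_PORT]

audit_forwards() {
    awk -v sshd_port="${1:-22}" '
    $1 != "LISTEN" { next }               # skip the header line
    {
        # Process name: first quoted string in users:(("name",pid=N,fd=N))
        if (!match($NF, /"[^"]+"/)) next
        proc = substr($NF, RSTART + 1, RLENGTH - 2)
        # Keep ssh and sshd (also sshd-session on newer OpenSSH releases)
        if (proc != "ssh" && proc !~ /^sshd/) next

        # Split on the last colon so that [::1]:80 parses correctly
        n = split($4, parts, ":")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)

        # The daemon listening on its own service port is not a forward
        if (proc == "sshd" && port == sshd_port) next

        verdict = (addr ~ /^127\./ || addr == "[::1]") ? "LOOPBACK" : "EXPOSED"
        printf "%s %s %s\n", verdict, proc, $4
    }'
}

# Constructed sample of `ss -ltnp` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:80       0.0.0.0:*         users:(("ssh",pid=4121,fd=5))
LISTEN 0      128    [::1]:80           [::]:*            users:(("ssh",pid=4121,fd=4))
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*         users:(("ssh",pid=4188,fd=4))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3))
LISTEN 0      128    127.0.0.1:2222     0.0.0.0:*         users:(("sshd",pid=5310,fd=9))
LISTEN 0      128    *:2223             *:*               users:(("sshd",pid=5377,fd=9))
LISTEN 0      244    127.0.0.1:5432     0.0.0.0:*         users:(("postgres",pid=912,fd=6))
EOF
}

sample_ss_output | audit_forwards 22
```

Lines marked EXPOSED are forwards that other hosts can connect to; the sshd listener on its own service port and unrelated processes are left out of the report.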
I am trying to access a linux server through ssh. Typically this is accessed through a Win2012 jump server using putty.
I was able to set up a reverse ssh connection in putty from jump server to an AWS VM through HTTP proxy. And this was supposed to forward it to my linux server. But when I connect to my AWS VM and initiate ssh over my remote port, the whole thing just hangs. What am I doing wrong, and is there a better/easier way? No malicious intent, I have physical access to both jump server and linux server. Just bypassing shitty corp firewall.
Can you explain what you did in detail?
Typically on unix systems, for a reverse ssh tunnel, you can do this on your server behind the firewall:
ssh -NR ssh_port_AWS:localhost:ssh_port_local_server user@ip_AWS
You need to replace
ssh_port_AWS by the port of the distant server that you want to use to access the local server.
ssh_port_local_server by the port of the ssh server of your local server (if you don't change anything, 22).
user@ip_AWS by your AWS connection details (user@IP)
Let's say I have a digital ocean droplet - 68.456.72.184
When ssh-ing into my remote server, I'd rather not have to type out the whole ssh command -
ssh 68.456.72.184
The host's name is Stormtrooper - how do I make it so that client machines can ssh into the server via
ssh Stormtrooper
I imagine this requires some sort of configuration on the local client machine that's connecting? In what order does a client machine search for host names? I imagine there's some local setting where it looks for "Stormtrooper"'s IP address, and if not found it looks in the local network, and then looks in the "global" network (i.e. public DNS).
I'm not quite sure how that lookup process works, so an explanation there would be great as well.
You can create a local ssh_config in ~/.ssh/config with the content:
Host Stormtrooper
    Hostname 68.456.72.184
And then you can ssh to that server using ssh Stormtrooper (even tab completion will work for you).
Connecting using FQDN will work too if you have correctly set up DNS. If you have a domain Stormtrooper.tld pointing to this IP, you are able to ssh using
ssh Stormtrooper.tld
For local network resolving, you would need local DNS, which would do this translation for you.
I want to connect to a remote server (host1) that is accessible only from its private network.
Another server (host2) is accessible from the Internet.
I opened a tunnel to host2 using PuTTY and tested it's working with Firefox (also checked that I got different IP address).
How can I connect to host1 using the tunnel I created?
I tried to configure proxy (to the tunnel I created - localhost) in PuTTY but it's not working.
The error I got: "Server unexpectedly closed network connection"
Pay attention that the host is the computer name in the network.
You connect to the local tunnel end directly, no "proxy" setting is needed.
This typically means that you use "localhost" as a Host Name. And a port according to your tunnel configuration.
See my guide for tunneling SFTP/SCP session. It's for WinSCP, but just use PuTTY instead of WinSCP in section Connecting through the tunnel.