I am trying to use dynamic port forwarding to ssh to various servers in my university from home.
I used local port forwarding successfully:
ssh -L 10001:server1:22 my_user@proxy_server
ssh -p 10001 127.0.0.1
but I am using 12 servers, and I'd like to create only one tunnel (dynamic).
Is it possible to configure ssh to use a SOCKS proxy?
You can add the '-L' option several times to have more than one forwarding through one ssh connection.
Like
ssh -L 10001:server_1:22 -L 10002:server_2:22 -L ... my_user@proxy_server
I have a two step solution to access a certain server via SSH:
Step 1, in bash:
ssh -L 127.0.0.1:5000:server2.com:22 server1.com
Step 2, in a new bash session:
ssh -p 5000 127.0.0.1 # This gets me into server2.com
Q1: Is there any way I can combine these two commands into one ssh command, and...
Q2: can I set up one single host entry in my ~/.ssh/config for this connection (allowing me to just type e.g. ssh my-tunnel)?
I suppose this comes down to chaining the hosts in some way. I am new to this and can't quite figure this out...
I came across this question and was surprised by the fact that ssh supports jump hosts.
You can use a single command to connect to the target server while ssh takes care of the intermediate hop.
ssh -J server1.com server2.com
-J [user@]host[:port]
Connect to the target host by first making a ssh connection to the jump host and then establishing a TCP
forwarding to the ultimate destination from there. Multiple jump hops may be specified separated by
comma characters. This is a shortcut to specify a ProxyJump configuration directive
And here is the corresponding jump host configuration for SSH config:
Host jumphost
    Hostname server1.com
    User $YOUR_USERNAME
    Port 22

Host my-tunnel
    Hostname server2.com
    User $YOUR_USERNAME
    Port 22
    ProxyJump jumphost
...enabling the command: ssh my-tunnel
I have a requirement to tunnel NETCONF (typically TCP-22) connections over a jumphost, but for a dynamic host.
I understand I can do remote SSH tunneling for defined hosts, e.g.:
ssh -R 2201:jumphost:22 rtr1
ssh -R 2202:jumphost:22 rtr2
But I'd like to be able to connect to a dynamic host, by tunneling over a jumphost, something like:
ssh -R 2201:jumphost:22 *
And then to be able to make a NETCONF connection such as:
connect rtrN port 2201
Is this doable via SSH tunneling? I don't want to use dynamic SSH tunnels, as I'd have to specify a proxy port whenever I make the connection, which I can't really do when I make the connection.
I've actually figured out how to do this in case anyone is interested:
In SSH config file:
Host *.*
    ProxyCommand ssh user@jump nc %h %p
Then anything you SSH to will forward over the jump connection, then nc to the host.
I'm trying to use rsync to connect to an Rsync server. However, our company firewall blocks the 873 port used by rsync.
Using the following proxy configuration with corkscrew in the ~/.ssh/config file, I can bypass the firewall and connect to remote servers with SSH:
ProxyCommand /usr/local/bin/corkscrew our-http-proxy.domain.name 8080 %h %p
Thus, with the above configuration, I use ssh the following way, which lets me connect to a remote machine with no problem:
ssh -L 8080:localhost:80 username@remote.machine.name -p 443
My question is, can I use rsync to utilize such ssh tunnel, and connect to the Rsync server?
I so far tried a few ways to have rsync utilize the same ssh proxy configuration. One of them is as follows, which always results in ssh_exchange_identification: Connection closed by remote host:
rsync -CaLvz -e "ssh -L 873:remote.rsync-server.name:443" remote.rsync-server.name::remote-source-directory /local/target/directory/
Any ideas?
Setup:
My computer (linux / unix) has an arbitrary IP address
I can connect to a central linux server which has a static ip
Remote linux systems are set up so they only respond to central server IP address on port 22
I want to port forward through the central server so I can use MySQLWorkbench and make python scripting connections on port 3306 to the remote systems.
Ideally, I would like the syntax for ssh command to make the port forwarding work;
Suppose I want to forward local port 3307 to 3306 on the remote system. Assume my ip is x.x.x.x, the central server IP is y.y.y.y, and the remote system IP is z.z.z.z;
I think it has something to do with ssh -L but I can only forward to the central server so far. Maybe I need to connect to the central server, set up forwarding there, then set up forwarding on my machine? I think functionality exists to do it with a single command using ssh.
If this is a duplicate, it should not be marked as such because without knowing what magic keyword to search for, you can't find the duplicate;
Clarification: port 3306 is NOT open on the remote server. Only 22
ssh -L :3307:z.z.z.z:3306 user@y.y.y.y -Nf
Works fine
or
ssh -L 3307:z.z.z.z:3306 user@y.y.y.y -Nf
To only bind to x.x.x.x's localhost
The first example binds to all interfaces
edit...
Just seen that z.z.z.z only has port 22 open.
on y.y.y.y you will also need to have a local port open
run on y.y.y.y
ssh -L 3307:localhost:3306 user@z.z.z.z -Nf
then on x.x.x.x
ssh -L 3307:localhost:3307 user@y.y.y.y -Nf
run these commands in a screen for best results
You can actually condense these 2 commands together
ssh -L 3307:localhost:3307 user@y.y.y.y -f 'ssh -L 3307:localhost:3306 user@z.z.z.z -Nf'
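Added example, not part of the original answers: the point made above, that `-L :3307:...` listens on all interfaces while `-L 3307:...` stays on loopback, written as a POSIX sh check that can be run over forward specs before a tunnel is opened. The function name bind_scope and the sample specs are constructed for illustration; the rules follow the ssh(1) description of bind_address and the client-side GatewayPorts option.

```shell
#!/bin/sh
# bind_scope SPEC [GATEWAY_PORTS]
# Reports where "ssh -L [bind_address:]port:host:hostport" will listen:
# loopback, all-interfaces, specific-address, or invalid.
# GATEWAY_PORTS is the client's GatewayPorts setting (default "no").
bind_scope() {
    spec=$1
    gateway_ports=${2:-no}
    case $spec in
        \[*)    # bracketed IPv6 bind address, e.g. [::1]:3307:db:3306
            bind=${spec%%]*}; bind=${bind#\[}; has_bind=1 ;;
        *)
            # Hide a bracketed IPv6 destination so its colons are not counted.
            flat=$(printf '%s' "$spec" | sed 's/\[[^]]*]/v6/g')
            colons=$(( $(printf '%s' "$flat" | tr -cd ':' | wc -c) ))
            if [ "$colons" -eq 3 ]; then
                bind=${spec%%:*}; has_bind=1    # may be the empty string
            elif [ "$colons" -eq 2 ]; then
                bind=; has_bind=0               # no bind_address given
            else
                echo invalid; return 1
            fi ;;
    esac
    if [ "$has_bind" -eq 0 ]; then
        # Without a bind_address the GatewayPorts setting decides.
        if [ "$gateway_ports" = yes ]; then echo all-interfaces; else echo loopback; fi
        return 0
    fi
    # An explicit bind_address overrides GatewayPorts.
    case $bind in
        ''|'*'|0.0.0.0|::)    echo all-interfaces ;;
        localhost|127.*|::1)  echo loopback ;;
        *)                    echo specific-address ;;
    esac
}

# Constructed samples, including the two forms from the answer above.
for s in ':3307:z.z.z.z:3306' '3307:z.z.z.z:3306' '[::1]:3307:localhost:3306'; do
    printf '%-28s %s\n' "$s" "$(bind_scope "$s")"
done
```

A forward reported as all-interfaces makes the tunnelled service (here MySQL on 3306) reachable by any host that can reach the client machine on that port.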
ssh -L <local-port-to-listen>:<remote-host>:<remote-port>
The 'L' switch indicates that a local port forward needs to be created.
The best method is to create the tunnel using PuTTY (an SSH client), so you can start the shell and it will create the SSH tunnel for you. This is a good reference:
https://howto.ccs.neu.edu/howto/windows/ssh-port-tunneling-with-putty/
I can now forward one port 8080 to the remote port 80 by ssh -L 8080:localhost:80 user@host.com. Is it possible to do multiple port forwarding with one ssh connection?
Yes, use -L option for each port to be forwarded.
Example:
ssh -L 8080:localhost:80 -L 7070:localhost:70 user@host.com
That is called dynamic port forwarding and if both the SSH server and SSH client support this, you configure your clients to use the SSH client as a SOCKS proxy and the SSH does the rest. In this case one "SSH connection" (in fact SSH connection carries multiple independent channels "inside") is used to connect to multiple destinations.
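Added example, not part of the original posts: the dynamic forwarding described above as shell functions, with one background connection providing a SOCKS5 listener and each later ssh reaching an internal host through it. The function names, the port 1080 and the control-socket path are assumptions, and the `-X`/`-x` proxy flags are those of OpenBSD netcat.

```shell
#!/bin/sh
# Assumed defaults: a control socket under ~/.ssh and local port 1080.
CTL=${CTL:-$HOME/.ssh/socks-ctl.sock}
SOCKS_PORT=${SOCKS_PORT:-1080}

# socks_up USER@GATEWAY
# Opens one background connection (-f) with no remote command (-N) that
# offers a SOCKS listener on loopback only (-D 127.0.0.1:PORT). -M -S makes
# it a control master so it can be checked and closed later, and
# ExitOnForwardFailure stops ssh if the listener cannot be bound.
socks_up() {
    ssh -f -N -M -S "$CTL" \
        -o ExitOnForwardFailure=yes \
        -D "127.0.0.1:$SOCKS_PORT" "$1"
}

# socks_ssh [SSH OPTIONS] USER@INTERNAL_HOST
# Connects to any host reachable from the gateway. nc speaks SOCKS5 (-X 5)
# to the local listener (-x) and ssh substitutes %h and %p itself.
socks_ssh() {
    ssh -o "ProxyCommand=nc -X 5 -x 127.0.0.1:$SOCKS_PORT %h %p" "$@"
}

# socks_status / socks_down USER@GATEWAY
# Query or terminate the background connection through its control socket.
socks_status() { ssh -S "$CTL" -O check "$1"; }
socks_down()   { ssh -S "$CTL" -O exit "$1"; }

# Typical sequence (hosts taken from the question at the top of the page):
#   socks_up my_user@proxy_server
#   socks_ssh my_user@server1
#   socks_down my_user@proxy_server
```

Binding the listener to 127.0.0.1 keeps the proxy usable only from the local machine; the target's host key is still verified end to end because the SOCKS hop only carries the TCP stream.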