Setup:
My computer (linux / unix) has an arbitrary IP address
I can connect to a central linux server which has a static ip
Remote linux systems are set up so they only respond to central server IP address on port 22
I want to port forward through the central server so I can use MySQLWorkbench and make python scripting connections on port 3306 to the remote systems.
Ideally, I would like the syntax for ssh command to make the port forwarding work;
Suppose I want to forward local port 3307 to 3306 on the remote system. Assume my ip is x.x.x.x, the central server IP is y.y.y.y, and the remote system IP is z.z.z.z;
I think it has something to do with ssh -L but I can only forward to the central server so far. Maybe I need to connect to the central server, set up forwarding there, then set up forwarding on my machine? I think functionality exists to do it with a single command using ssh.
If this is a duplicate, it should not be marked as such because without knowing what magic keyword to search for, you can't find the duplicate;
Clarification: port 3306 is NOT open on the remote server. Only 22
ssh -L :3307:z.z.z.z:3306 user#y.y.y.y -Nf
Works fine
or
ssh -L 3307:z.z.z.z:3306 user#y.y.y.y -Nf
To only bind to x.x.x.x's localhost
The first example binds to all interfaces
edit...
Just seen that z.z.z.z only has port 22 open.
on y.y.y.y you will also need to have a local port open
run on y.y.y.y
ssh -L 3307:localhost:3306 user#z.z.z.z -Nf
then on x.x.x.x
ssh -L 3307:localhost:3307 user#y.y.y.y -Nf
run these commands in a screen for best results
You can actually condense these 2 commands together
ssh -L 3307:localhost:3307 user#y.y.y.y -f 'ssh -L 3307:localhost:3306 user#z.z.z.z -Nf'
ssh -L <local-port-to-listen>:<remote-host>:<remote-port>
The āLā switch indicates that a local port forward is need to be created
Best method is to create the tunnel using putty (ssh client). so you can start the shell, and it will create the ssh tunnel for you. this is a good reference
https://howto.ccs.neu.edu/howto/windows/ssh-port-tunneling-with-putty/
Related
The next picture was used to create a tunnel with mobaxterm:
Does anyone knows the meaning? also, how can I do to translate this into Ubuntu Linux ssh command to create the tunnel specified by the picture?. I need this to connect to my db.
Thx
That looks roughly like
ssh myusername#grv.soccer.cpu.edu -p 7822 -L 1338:172.178.0.12:3338
which basically means: connect to grv.soccer.cpu.edu using username myusername, the server is using port 7822 instead of the default port 22 and, while you are it, put local port 1338 in LISTEN and tunnel-it to port 3338 of server/IP 172.178.0.12; after you've successfully connected to the grv.soccer.cpu.edu you'll have the service running on 172.178.0.12:3338 directly reachable locally on/at 127.0.0.1:1338.
I am trying to use dynamic port forwarding to ssh to various servers in my university from home.
I used local port forwarding successfully:
ssh -L 10001:server1:22 my_user#proxy_server
ssh -p 127.0.0.1:10001
but I am using 12 servers, and I'd like to create only one tunnel (dynamic).
Is it possible to configure ssh to use a SOCKS proxy?
You can add the '-L' option several times to have more then one forwarding through one ssh connection.
Like
ssh -L 10001:server_1:22 -L10002:server_2:22 -L ... my_user#proxy_server
I'm using SSH tunneling for the first time, so I'm trying to understand how to configure it.
I've got a remote Linux server that hosts a MySQL database that I'm trying to connect to. In order to access the MySQL database directly through a software that only recognizes local databases, I suppose SSH tunneling would be the right way to set up the access, correct?
Now, I'm trying to set up the tunneling on my 'home' computer which is running the software that's trying to access the MySQL database. My first question is whether this is reverse tunneling or normal tunneling? Secondly, is it local tunneling or remote tunneling?
Finally, from what I understand, my code is supposed to look something like
ssh -L 8080:mylinuxserver.mycompany.com:22 myuser#mylinuxserver.mycompany.com
Is this correct? Is my source port '22' since I'm using SSH and is my destination port 8080 (or is there something more appropriate)?
When I try to use the above code, I am able to login using my passphrase (since my key is already in the MyLinuxServer) but when I ping localhost:8080, it cannot find the host.
What am I doing wrong?
I've got a remote Linux server that hosts a MySQL database that I'm trying to connect to
The command should be:
ssh -L 8080:localhost:3306 myuser#mylinuxserver.mycompany.com
Where:
8080: is hte local port on your workstation
localhost: is corresponding to mylinuxserver.mycompany.com
3306: the MySQL port on above localhost.
then connect (from your workstation) to MySQL as:
mysql -h 127.0.0.1 --port=8080
Besides, ping localhost:8080 is wrong. Ping cannot work that way.
Try this:
ssh -f ssh_user#mylinuxserver.mycompany.com -L 3307:mysql1.example.com:3306 -N
Next, to access the mysql your trying to connect to:
mysql -h 127.0.0.1 -P 3307
Recently I buyed a Foscam wireless IP camera:
http://www.foscam.com/Products_List.asp?id=173
In my home, my laptop and my IP camera are behind a cable modem (my ISP gives me a dynamic IP) using a linksys router (I dont have a public IP).
Actually I use SSH in a basic way to learn / manage some basic things in my VPS server.
My question is (the right ssh flags and commands to achieve this):
I think that I need to create:
A tunnel from my local router to a remote VPS server where I have root access.
A portforward in the router.
Thanks in advance.
You need to add a port forward in your router from port X to port 22 on your home computer.
You can then ssh -p X username#your-home-ip.
Include the -L Y:foscamip:80 command line switch when you run ssh, assuming focscam runs a web server on port 80 (standard). Use something over 1024 for Y, like 8080.
Open up a web browser, and go to http://localhost:Y.
You have access! When you're done, simply log out of your ssh session.
Old question, but I will answer in the hope it helps someone like me. Given:
you have a VPS with root access at root#example.com
you have an RTSP-compatible IP camera in your LAN at address 192.168.1.100
you have a PC/router/Raspberry Pi able to create the tunnel
what I did was
ssh -N -f -R 10554:192.168.1.100:554 root#example.com
Exaplanation:
-N: don't execute any command via SSH
-f: put SSH in the background
-R: remote port forwarding
10554: a port to open on the VPS to access the IP camera (better if > 1024)
192.168.1.100:554: IP address and port you want to access remotely
root#example.com: user and address of your VPS
To access the RTSP stream of the camera, open rtsp://<username>:<password>#example.com:10554/<path-to-stream>.
Of course it works fine also for other kind of streams (e.g. HTTP).
Better yet, use autossh.
/usr/bin/autossh -N -f -M 0 -i /home/pi/.ssh/id_rsa -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -R 10554:192.168.1.100:554 root#example.com.
I ended up with this command reading a lot of articles on the web. I even created an autossh user on the VPS without a shell, so it can do nothing apart from port forwarding.
I need to do some work on a server to which I don't have direct access to. I do have access to my company network (via vpn). If I were on that network, I could access the server directly. But, for some reason when I'm on the vpn, I can't access the server directly.
So, I need to ssh into an intermediary ubuntu box, and then create an ssh tunnel from that box to the server.
Then, I can do my work on my laptop and send it through a local tunnel that points to a foreign tunnel (on my ubuntu box) that goes to the server.
But I don't know how to do a tunnel that creates another tunnel to a third server.
Any ideas?
Thanks,
Scott
What are you trying to achieve? If you just want to get to a shell on the server then ssh into the Ubuntu box and then ssh from there to the server.
If you want to access some other network resource on the server then you want to forward a port from the server (where you can't get to it) to the Ubuntu box (where you can). Take a look at the -L option in ssh.
Edit:
Copying files to the server:
tar c path/* | ssh ubuntuName 'ssh serverName "tar x"'
Copying stuff back:
ssh ubuntuName 'ssh serverName "tar c path/*"' | tar x
Obviously you need to change ubuntuName, serverName and path/* to what you want. To use rsync you need the -E option and the same trick of wrapping one ssh command inside another. After reading your comment I'd say that the most general answer to your question is that the trick is making ssh execute a command on the target machine. You do this by specifying the command as an argument after the machine name. If you use ssh as the target command for ssh to execute then you get the two-hop behaviour that you are looking for. Then it is just a matter of playing with quotes until everything is escaped correctly.
It's just a double port forward. Forward the ports from the PC to the ubuntu box, then on the ubuntu box forward those destination ports to the final endpoint. It's been a while since I've done command line ssh (been trapped in windows hell :)), so I can't give the command line you need. Another possibility is to use the SOCKS proxy ability built into SSH.
To connect from your local machine over a second machine to a specific port on the third machine you can use the ssh -N -L option:
ssh -N second_machine -L 8080:third_machine:8082
This maps the Port 8082 on the third machine to port 8080 on the local machine (eg. http://localhost:8080/ ).