Ssh from one local network to another through intermediary with public IP - ssh

There is one computer (A) in one local network and the other (B) in the other one. None of them have public ip addresses. Both LAN gateways are out of my control. But I have a VPS server with public IP address and both A and B are able to connect to this VPS. How can I establish an ssh tunnel from A to B using intermediary VPS?

Connect from B to the VPS, forwarding a remote port to the local side (see the -R ssh option):
B# ssh -R 2222:localhost:22 vpsuser@vpshost
This will connect you to the VPS host, making port 2222 on the server connected to port 22 (ssh) on host B.
The only thing left to do is to connect from A to the VPS server and from it to B via 2222:
A# ssh vpsuser@vpshost
VPS# ssh -p2222 buser@localhost
B#

Related

How to ssh at computer inside home network

I am running a home network with a router that has DD-WRT installed.
I can ssh into the router from the home network, I can ssh into the PC from inside the home network, and I can ssh into the router from outside the home network (static public IP).
Now I want to ssh into my PC from outside the home network. As far as I have understood, to do that I need to create an ssh tunnel. I am using the following command:
ssh -L bbbb:hoomepcip:22 root:externalip
After doing this I open another terminal and I
ssh homepcusername@externalip -p bbbb
but it does not work. What am I doing wrong?
Isn't the first command supposed to do a port forward in the router so everything I send to its external IP on port bbbb goes to port 22 of my home PC?
For now I have made a permanent port forward in the router GUI, but I would like to not use that and open the port when I need to ssh.
Both the router and the PC have an SSH server installed: the router has dropbear, the PC openssh.
I found the solution for me.
So as I said, I needed a way to ssh into my PC from outside my network through my router.
First open a terminal window and type
ssh -L bbbb:homepcIP:cc myrouterusername@mywanip -p aa
This will connect you to the router and forward port bbbb (choose a number from 1024-60000) to cc on your PC (usually 22).
Type the password and leave it open,
then open a new terminal window and type
ssh pcUSERNAME@localhost -p bbbb
bbbb in this case can be any port number you choose (best if above 1024, and the max limit is 60000ish).
cc and bb are the ports of the ssh servers (cc of my PC and bb of my router; they usually are 22 but it can change depending on configuration).
The key here is the "localhost": I always typed my PC IP in there, but you have to type localhost and it connects to the PC correctly.
Also, you have to have enabled SSH TCP Forwarding on the first server.
Instead of SSH tunneling, you might consider tailscale.
See for instance "How to secure an Ubuntu server using Tailscale and UFW", which will restrict ssh access to be only over Tailscale, and use UFW (Uncomplicated Firewall) to restrict non-Tailscale traffic to your server.
That will give you a Tailscale IP address (starting with 100.x.y.z) which can be used to SSH, while your public internet IP would not allow SSH.
You can then add MFA (multi-factor auth) if you want.
Other example: "How to Setup SSH using Tailscale or Ngrok" from Ibrahim Jarif.

Connect remote ssh to pc... pc connect vpn

I have:
-PC with ubuntu 18
-Install and configure ssh for remote access
-Open ssh port in my router
-My IP is dynamic, so I configure Dynamic DNS (www.noip.com).
I have remote access to my PC from another external computer, with domain no-ip and ssh port. No problem.
Now:
-I connect my PC for Tunnel VPN (openvpn) to a VPN server (VPNbook)
-Refresh my no-ip domain with the new public VPN IP.
-But I can't connect for ssh (domain no-ip and ssh port) to my PC...
Why? What am I missing?
Finally I found:
https://unix.stackexchange.com/questions/237460/ssh-into-a-server-which-is-connected-to-a-vpn-service
https://askubuntu.com/questions/893775/cant-ssh-to-server-with-vpn-connection
https://www.linode.com/community/questions/7381/openvpn-client-connected-to-a-server-while-listening-to-ssh
In my PC:
Connect VPN
Execute:
ip rule add from 192.168.0.101 table 128
ip route add table 128 to 192.168.0.0/24 dev enp2s0f0
ip route add table 128 default via 192.168.0.1
Where:
192.168.0.101 -> Internal IP to my PC
192.168.0.0/24 -> subnet, calculate with "subnetcalc"
enp2s0f0 -> it is the name of my net interface
192.168.0.1 -> My default-gateway
Now, I have remote access for ssh.

Create ssh tunnel for avoid firewall blocking

I have a remote host/server with ssh access.
I have my computer in my work network, which can connect via ssh only
within this network.
And I cannot connect via ssh to the outside world because port 22 is
blocked by the firewall.
I am trying to create an ssh tunnel to forward, for example, localhost:80 to remote_server:22 (I suppose I connect via ssh to localhost and will be forwarded to my remote server).
I tried, for example, without a proxy
sudo ssh -L localhost:443:remote_server_ip:22 root@remote_host_name
and with a proxy
https://wiki.archlinux.org/index.php/Tunneling_SSH_through_HTTP_proxies_using_HTTP_Connect
I have read a lot and checked stackoverflow but it still is not clear for me how to resolve this issue.

SSH to tunnel through a firewall when local machine does not actually have ssh

I am looking for a solution to the standard ssh middleman tunneling with a twist.
I have four machines ABCD.
A is the local device (embedded and no ssh available) that is not on the firewalled network
B is a server that is accessible from 'A' and can SSH to 'C'
C is a server on the firewalled network
D is a computer on the firewalled network that is running a service on TCP port 9090 that A needs access to.
Is it possible to issue an SSH command from 'B' that allows 'A' to connect to 9090 on 'D'?
B and C need an SSH server to forward B:9090 to D:9090. Then A can connect to B:9090.
On B:
ssh -g -L 9090:D:9090 -N C
-g allows remote hosts like A to connect to local forwarded ports.

ssh connection between 2 clients over server

Hi, my problem is that I want to set up an ssh connection to my computer at home, but I am not able to do dyn-dns routing because of my ISP. I also have a vServer running.
My question now is: is it possible to connect to the vServer from both my PC at home and my laptop and somehow redirect the ssh, so I can ssh from my laptop to my PC at home?
It is important that they both first connect to the vServer as clients.
Yes: use remote port forwarding.
From the home box, establish an SSH connection to server with something like:
ssh -R 2222:localhost:22 user@server
This means: "have server listen on port 2222, and forward connections thereon to localhost:22" as viewed by the home box.
From your laptop, ssh to port 2222 on the vServer:
ssh -p 2222 server
This will be forwarded to port 22 on your home box.
This assumes that you can connect to 2222 from your laptop (and/or can't connect to anything other than 22 from home). There are ways around those assumptions.
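
Added example, not part of any post above: the -g option in "ssh -g -L 9090:D:9090 -N C" binds the forwarded port on all interfaces, and a -R forward is reachable from other hosts only when the server's GatewayPorts setting allows a non-loopback bind (by default sshd binds remote forwards to loopback). The script below flags such listeners in "ss -H -tlnp" output so they can be reviewed or firewalled; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=701,fd=3))
LISTEN 0 128 127.0.0.1:2222 0.0.0.0:* users:(("sshd",pid=1840,fd=9))
LISTEN 0 128 0.0.0.0:9090 0.0.0.0:* users:(("ssh",pid=2210,fd=5))
LISTEN 0 128 [::]:9090 [::]:* users:(("ssh",pid=2210,fd=4))
LISTEN 0 128 [::1]:2222 [::]:* users:(("sshd",pid=1840,fd=8))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=650,fd=6))
LISTEN 0 128 *:2223 *:* users:(("sshd",pid=1901,fd=10))
EOF
}

# Reads `ss -H -tlnp` lines on stdin and prints "proc pid addr port" for every
# ssh/sshd listener that is not bound to loopback. $1 = sshd's own port (22).
exposed_forwards() {
    awk -v sshd_port="${1:-22}" '
    $1 == "LISTEN" {
        # Split "addr:port" at the last colon so IPv6 literals survive.
        n = split($4, parts, ":")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)

        # Process column looks like users:(("name",pid=N,fd=M)); it is empty
        # when ss runs without enough privilege, so skip those lines.
        if (split($6, q, "\"") < 3) next
        proc = q[2]
        if (proc != "ssh" && proc != "sshd") next

        # sshd listening on its configured port is expected to be public.
        if (proc == "sshd" && port == sshd_port) next

        # Loopback-bound forwards are reachable only from the host itself.
        if (addr ~ /^127\./ || addr == "[::1]") next

        pid = q[3]
        sub(/^,pid=/, "", pid)
        sub(/[^0-9].*$/, "", pid)
        print proc, pid, addr, port
    }'
}

# On a live host (as root, so process names are visible):
#   ss -H -tlnp | exposed_forwards
sample_ss_output | exposed_forwards
```

In the sample, the two loopback-bound 2222 listeners (the -R default) are not reported, while the -g forward on 9090 and the wildcard-bound 2223 are.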