I need to know if is possible to put a local port in a remote machine via ssh tunneling
Example
Machine A: port 80
Machine B: Nothing
Inside Machine A (important, because A can see B, but B can't see A)
A> ssh -f -N -? 80:B:8585 user#B
result
Machine A: port 80
Machine B: port 8585 (really A:80)
Thanks in Advance
You need the -R switch
ssh -f -N -R 8585:localhost:80 user#B
localhost is from A's perspective, so it means to forward port 8585 on B to port 80 on A.
See also the RemoteForward setting in your ~/.ssh/config.
Related
I have three hosts: A, B, C. B can connect to C through ssh, via port 221. A cannot connect to C because it's behind a router, but can connect to B through ssh. What I need, is to connect from A to C.
The situation is summarized below:
A -- p22 ---> B OK
B -- p221---> C OK
A -- p???---> C not working
I have tried many variations of ssh tunneling but looks like I don't get how tunneling works. Also, I have no root privileges on any of the hosts, therefore I cannot do port forwarding on port 22. I am therefore not sure this tunneling can be done at all. If it can, however, I would appreciate the exact commands to run on each host so that I can finally ssh from A to C.
While you could set up an explicit tunnel in this situation, it's much more convenient to use the -J option
ssh -J B -p 221 C
or the ProxyJump option explicitly
ssh -o ProxyJump=B -p 221 C
ssh will first connect to B for you (prompting for a password if necessary), then connect to C from B. From your point of view, you will have connected directly to C.
The idea of ssh -L local_port:another_host:destination_port user#host is to say a/ start listening locally on local_port b/ connect to remote host (as usual), and once you're there, connect to that another_host and c/ forward everything you will receive locally to that another host's destination_port
so, I would try the following (from host A)
ssh -C -N -L 2222:C:221 user#B
then from another terminal
ssh -p 2222 user#localhost
I did not test the above. Happy to dig deeper if required.
Here is the human readable explanation (hopefully) :
starting from host A
ssh, connect as user on host B (no port specified as 22 is the default)
-C compress all content in transit in the tunnel
-N says to not open a tty (interactive) session on host B
-L says "once you're on B, start listening on this host (A) on port 2222 (as you are not root) and forward everything to C, port 221"
If you're using password authentication, it should work. Certificate authentication would require a bit of additional configuration on B to correctly forward your certificate to C (which exact syntax I don't remember right now)
I have 3 Ubuntu machines. First one (A) is my local machine, second one (B) is a gateway to the third (C) Ubuntu server. I can SSH from my local machine, A, to B and then SSH from B to C. I can't SSH from A to C directly.
What I need is to remotely log (graphical) into C from B? and if possible from A? I'm no network guy and the tunneling concept and port 3389 is confusing me.
Appreciate your help.
Confusing or not, you need tunneling. The easiest:
ssh -L 7722:address.of.C:22 address.of.B
will log you into B. At the same time, it will set up a tunnel between the current machine's port 7722 (can be any unused port over 1024, I arbitrarily selected 7722) and C's port 22 (the ssh port). Then, in another terminal,
ssh -X -p 7722 localhost
will open a SSH connection to your local port 7722, which is being tunneled to C's 22. It is functionally equivalent to ssh address.of.C while the above tunnel exists.
When you are done, just exit the second connection to leave C, then exit the first connection to deconstruct the tunnel.
If you don't have two terminals to work with, it is a bit more complex since you need a way to refer to the tunnel in order to be able to close it later.
ssh -fNM -S /tmp/tunnel.B.to.C.control 7722:address.of.C:22 address.of.B
ssh -X -p 7722 localhost
ssh -O exit -S /tmp/tunnel.B.to.C.control address.of.B
Here, /tmp/tunnel.B.to.C.control is an arbitrary name of file in a location where you can create a file. The first command sets up a tunnel and exits (instead of logging in), but stays in memory and records its activities in the named file. The last command then releases the tunnel, the memory and the file.
I am looking for a solution to the standard ssh middleman tunneling with a twist.
I have four machines ABCD.
A is a the local device (embedded and no ssh available) that is not on the fire walled network
B is a server that is accessible from 'A' and can SSH to 'C'
C is a server on the fire walled network
D is a computer on the fire walled network that is running a service on a tcp port 9090 that a needs access to.
Is it possible to issue an SSH command from 'B that allow 'A' to connect to 9090 on 'D'?
B and C need an SSH server to forward B:9090 to D:9090. Then A can connect to B:9090.
On B:
ssh -g -L 9090:D:9090 -N C
-g allows remote hosts like A to connect to local forwarded ports.
Setup:
My computer (linux / unix) has an arbitrary IP address
I can connect to a central linux server which has a static ip
Remote linux systems are set up so they only respond to central server IP address on port 22
I want to port forward through the central server so I can use MySQLWorkbench and make python scripting connections on port 3306 to the remote systems.
Ideally, I would like the syntax for ssh command to make the port forwarding work;
Suppose I want to forward local port 3307 to 3306 on the remote system. Assume my ip is x.x.x.x, the central server IP is y.y.y.y, and the remote system IP is z.z.z.z;
I think it has something to do with ssh -L but I can only forward to the central server so far. Maybe I need to connect to the central server, set up forwarding there, then set up forwarding on my machine? I think functionality exists to do it with a single command using ssh.
If this is a duplicate, it should not be marked as such because without knowing what magic keyword to search for, you can't find the duplicate;
Clarification: port 3306 is NOT open on the remote server. Only 22
ssh -L :3307:z.z.z.z:3306 user#y.y.y.y -Nf
Works fine
or
ssh -L 3307:z.z.z.z:3306 user#y.y.y.y -Nf
To only bind to x.x.x.x's localhost
The first example binds to all interfaces
edit...
Just seen that z.z.z.z only has port 22 open.
on y.y.y.y you will also need to have a local port open
run on y.y.y.y
ssh -L 3307:localhost:3306 user#z.z.z.z -Nf
then on x.x.x.x
ssh -L 3307:localhost:3307 user#y.y.y.y -Nf
run these commands in a screen for best results
You can actually condense these 2 commands together
ssh -L 3307:localhost:3307 user#y.y.y.y -f 'ssh -L 3307:localhost:3306 user#z.z.z.z -Nf'
ssh -L <local-port-to-listen>:<remote-host>:<remote-port>
The āLā switch indicates that a local port forward is need to be created
Best method is to create the tunnel using putty (ssh client). so you can start the shell, and it will create the ssh tunnel for you. this is a good reference
https://howto.ccs.neu.edu/howto/windows/ssh-port-tunneling-with-putty/
Suppose the network is like:
A(192.68.0.1)--------------------B(192.68.0.2)------------------C(192.68.0.3)
A is my ssh server, C is a target ssh server, and I can telnet from A to B(my account is not root).
B is a server not allow ssh login from others, but B can login to C via ssh.
Is it possible to connect C from A through B via ssh?
If you can run programs on B, you can use something like simpleproxy to forward the TCP connection to C.
Then you SSH from A to some port on B (not 22), which will forward your connection to C. Everything will still be encrypted since the SSH session is A<->C.
ok telnet to b
you can actually ssh to yourself on b, but the following command may not work but try it first
ssh -L0.0.0.0:2200:192.68.0.3:22 127.0.0.1 ...
if sshd is not running on b... then ssh to c
ssh -L0.0.0.0:2200:192.68.0.3:22 192.68.0.3
do a
netstat -an | grep 2200 -- Do this on b (192.68.0.2)
if the netstat has 127.0.0.1 listening on 2200 and not 0.0.0.0 this trick wont work... but if it does... you can then connect to ssh on port 2200 to b and it will hit c
ssh 192.68.0.2:2200
i have you ssh to localhost on b because i cant remember the command to not spawn a shell and im too lazy to look it up... but if the solution above does not work you wont be able to redirect ports with ssh without root, you would have to change the config file on b
you would have to add
GatewayPorts yes to the sshd config file in /etc/sshd/conf/sshd_config
http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch09_02.htm -- this talks all about port forwarding with ssh