How to ssh to a remote server behind multiple firewalls? [closed] - ssh

Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
Here is my situation
I could access Server A from my home laptop via ssh.
Server B is only accessible from Server A via ssh.
Server C is only accessible from Server B via ssh.
Is there any way that I could configure my .ssh/config so that I could ssh to Server C directly from my laptop? I need this because I need to regularly transfer files from Server C back to my laptop. I'm using 'scp', but going through this ssh hierarchy manually is too painful. I'm wondering whether there's a more straightforward way to do this via the magic of ssh.

You want to set up SSH tunnels to allow SSH like this:
A => B
B => C
Here's an example of how to set up the tunnel to B through A on Linux:
ssh -f myusername@hostA -N -L 4444:hostB:22
Then, you should be able to ssh to port 4444 on hostA, and have that forwarded to port 22 (where SSH commonly runs) on hostB. After running the above command, try this:
ssh -p 4444 hostA
That should connect you to hostB. You may have to change ports for this to work; if port 4444 on hostA is already being used, you'll have to pick a different port. Assuming that this works, you can use the same command with different hostnames to set up the tunnel from B => C:
ssh -f myusername@hostA -N -L 4444:hostB:4444
ssh -f myusername@hostB -N -L 4444:hostC:22
This is also useful if you want to set up a SOCKS proxy for web browsing. I do this so that my web traffic looks like it's coming from my university, so that I can use online access to scientific journals.
References:
Tunneling protocol
Breaking firewalls with OpenSSH and Putty
How to create an SSH tunnel using Putty, and then use that tunnel as a Firefox SOCKS proxy
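
What the question asks for can also be done in .ssh/config with OpenSSH's ProxyJump option (OpenSSH 7.3 and later), which chains hops without leaving listening ports on the intermediate hosts. The script below is an added example, not part of the original answers; `gen_jump_config` and `jump_list` are hypothetical helper names, and `myusername` and the host names are the placeholders used in the thread.

```shell
#!/bin/sh
# Added example: emit ~/.ssh/config stanzas for a chain of SSH hops.
# Host names (hostA, hostB, hostC) are the placeholders from the question.

# gen_jump_config USER HOP1 HOP2 ... : print one Host stanza per hop.
# Every hop after the first is reached through the previous one.
gen_jump_config() {
    user=$1; shift
    prev=""
    for hop in "$@"; do
        printf 'Host %s\n' "$hop"
        printf '    HostName %s\n' "$hop"
        printf '    User %s\n' "$user"
        if [ -n "$prev" ]; then
            printf '    ProxyJump %s\n' "$prev"
        fi
        printf '\n'
        prev=$hop
    done
}

# jump_list HOP1 ... HOPN : comma-separated value for "ssh -J", i.e. every
# hop except the final destination.
jump_list() {
    list=""
    while [ "$#" -gt 1 ]; do
        list="${list:+$list,}$1"
        shift
    done
    printf '%s' "$list"
}

# Laptop -> hostA -> hostB -> hostC, as in the question.
gen_jump_config myusername hostA hostB hostC
printf '# one-off equivalent: ssh -J %s hostC\n' "$(jump_list hostA hostB hostC)"
```

With these stanzas in place, `scp hostC:/path/file .` runs from the laptop in one step, and authentication to every hop happens from the laptop, so no private key or forwarded agent is needed on hostA or hostB. The resolved chain can be checked without connecting using `ssh -G hostC`.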

Putty multihop tunnel replicate in bash

I'm experiencing a problem replicating my putty ssh tunneling with Cmder bash (on a Windows machine).
1. I want to access the web interface on port 7183 on server_2. To get there I have to go through jump_server first and tunnel twice, as from the jump_server, the only visible port is 22.
Steps with putty:
1. connect to jump_server with tunnel (L22 server_2:22) using username_1
2. connect to localhost with tunnel (L7183 localhost:7183) using username_2
After that, I'm able to access the web interface when I type localhost:7183 into the browser on my local machine.
Now I'm trying to reproduce this in Cmder, but I haven't been able to do that with one big command, nor with 2 separate commands:
ssh -L 7183:localhost:7183 username_1@jump_server ssh -L 22:localhost:22 -N username_2@server_2 -vvv
This is only the last command I used as I tried interchanging ports and hosts without success.
2. Is the syntax different when I want to open port 12345 on my local machine and have it forwarded to port 21050 on server_2 or that would be remote tunneling?
Finally managed to achieve the 1st question with:
ssh username_1@jump_server -L 22:server_2:22 -N -vvv
ssh -L 7183:localhost:7183 username_2@localhost
Now I'm able to access the web interface from server_2 on my localhost:7183

How can I use SSH tunneling to connect to a remote MySQL server?

I'm using SSH tunneling for the first time, so I'm trying to understand how to configure it.
I've got a remote Linux server that hosts a MySQL database that I'm trying to connect to. In order to access the MySQL database directly through a software that only recognizes local databases, I suppose SSH tunneling would be the right way to set up the access, correct?
Now, I'm trying to set up the tunneling on my 'home' computer which is running the software that's trying to access the MySQL database. My first question is whether this is reverse tunneling or normal tunneling? Secondly, is it local tunneling or remote tunneling?
Finally, from what I understand, my code is supposed to look something like
ssh -L 8080:mylinuxserver.mycompany.com:22 myuser@mylinuxserver.mycompany.com
Is this correct? Is my source port '22' since I'm using SSH and is my destination port 8080 (or is there something more appropriate)?
When I try to use the above code, I am able to login using my passphrase (since my key is already in the MyLinuxServer) but when I ping localhost:8080, it cannot find the host.
What am I doing wrong?
I've got a remote Linux server that hosts a MySQL database that I'm trying to connect to
The command should be:
ssh -L 8080:localhost:3306 myuser@mylinuxserver.mycompany.com
Where:
8080: is the local port on your workstation
localhost: is corresponding to mylinuxserver.mycompany.com
3306: the MySQL port on above localhost.
then connect (from your workstation) to MySQL as:
mysql -h 127.0.0.1 --port=8080
Besides, ping localhost:8080 is wrong. Ping cannot work that way.
Try this:
ssh -f ssh_user@mylinuxserver.mycompany.com -L 3307:mysql1.example.com:3306 -N
Next, to access the MySQL server you're trying to connect to:
mysql -h 127.0.0.1 -P 3307

Connecting MySQL to server through another server by SSH

Setup:
My computer (linux / unix) has an arbitrary IP address
I can connect to a central linux server which has a static ip
Remote linux systems are set up so they only respond to central server IP address on port 22
I want to port forward through the central server so I can use MySQLWorkbench and make python scripting connections on port 3306 to the remote systems.
Ideally, I would like the syntax for ssh command to make the port forwarding work;
Suppose I want to forward local port 3307 to 3306 on the remote system. Assume my ip is x.x.x.x, the central server IP is y.y.y.y, and the remote system IP is z.z.z.z;
I think it has something to do with ssh -L but I can only forward to the central server so far. Maybe I need to connect to the central server, set up forwarding there, then set up forwarding on my machine? I think functionality exists to do it with a single command using ssh.
If this is a duplicate, it should not be marked as such because without knowing what magic keyword to search for, you can't find the duplicate;
Clarification: port 3306 is NOT open on the remote server. Only 22
ssh -L :3307:z.z.z.z:3306 user@y.y.y.y -Nf
Works fine
or
ssh -L 3307:z.z.z.z:3306 user@y.y.y.y -Nf
To only bind to x.x.x.x's localhost
The first example binds to all interfaces
edit...
Just seen that z.z.z.z only has port 22 open.
on y.y.y.y you will also need to have a local port open
run on y.y.y.y
ssh -L 3307:localhost:3306 user@z.z.z.z -Nf
then on x.x.x.x
ssh -L 3307:localhost:3307 user@y.y.y.y -Nf
run these commands in a screen for best results
You can actually condense these 2 commands together
ssh -L 3307:localhost:3307 user@y.y.y.y -f 'ssh -L 3307:localhost:3306 user@z.z.z.z -Nf'
ssh -L <local-port-to-listen>:<remote-host>:<remote-port>
The 'L' switch indicates that a local port forward needs to be created
The best method is to create the tunnel using PuTTY (an SSH client), so you can start the shell and it will create the SSH tunnel for you. This is a good reference:
https://howto.ccs.neu.edu/howto/windows/ssh-port-tunneling-with-putty/
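
The two points the MySQL answers above turn on are whether a `-L` argument starts with an empty bind address (listening on all interfaces) and where the destination host, including `localhost`, is resolved. The script below decodes both; it is an added example, not code from any of the threads. `explain_forward` and `audit_page_examples` are hypothetical helper names, and the sample specs are the ones quoted on this page.

```shell
#!/bin/sh
# Added example: decode "ssh -L" arguments and show what they expose.
# Assumes host names or IPv4 addresses only (no bracketed IPv6).

# explain_forward SPEC SERVER
#   SPEC   = [bind_address:]port:host:hostport (the value given to -L)
#   SERVER = the host ssh logs in to; the destination is resolved there.
explain_forward() {
    spec=$1; server=$2
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c | tr -d ' ')
    case "$colons" in
        2) bind=default; rest=$spec ;;
        3) bind=${spec%%:*}; rest=${spec#*:} ;;
        *) echo "unsupported -L spec: $spec" >&2; return 2 ;;
    esac
    lport=${rest%%:*}      # listening port on the client
    dest=${rest#*:}        # host:hostport as seen from SERVER
    dhost=${dest%:*}
    case "$bind" in
        ''|'*') scope=all-interfaces ;;   # reachable from the client's network
        default|localhost|127.0.0.1) scope=loopback ;;  # default assumes GatewayPorts=no
        *) scope=$bind ;;
    esac
    # "localhost" in the destination is the SSH server itself, not the client.
    case "$dhost" in
        localhost|127.0.0.1) dest="$server:${dest##*:}" ;;
    esac
    printf 'listen=%s:%s connect=%s via=%s\n' "$scope" "$lport" "$dest" "$server"
}

# Specs taken from the commands on this page, as "spec server" pairs.
audit_page_examples() {
    while read -r spec server; do
        line=$(explain_forward "$spec" "$server") || continue
        case "$line" in
            listen=all-interfaces:*) echo "WARN $line" ;;
            *) echo "ok   $line" ;;
        esac
    done <<'EOF'
8080:mylinuxserver.mycompany.com:22 mylinuxserver.mycompany.com
8080:localhost:3306 mylinuxserver.mycompany.com
:3307:z.z.z.z:3306 y.y.y.y
3307:z.z.z.z:3306 y.y.y.y
localhost:8000:clusternode:22 bridge
EOF
}

audit_page_examples
```

The WARN line marks the form with the leading colon: with it, anything that can reach the workstation on port 3307 is relayed to the database, so the form without a bind address (or with an explicit `localhost:`) is the one to keep on shared networks.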

rsync through ssh tunnel [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
I want to rsync to a cluster node to which I usually connect passing through another system:
Say I connect first to
ssh user@bridge
and from there to
ssh user@clusternode
Now I want to rsync from my workstation to clusternode. I do the following:
I open a ssh tunnel
ssh -L8000:clusternode:8000 user@bridge
I rsync from my workstation to clusternode
rsync -e "ssh -p8000" source user@localhost:destination
and it does not work, I get
ssh_exchange_identification: Connection closed by remote host
Why does it not work? What do I have to do?
I have found a lot of information here:
http://toddharris.net/blog/2005/10/23/rsyncing-through-an-ssh-tunnel/
I think I understand that my problem is the second authentication between the bridge and the destination, so I changed to method 2, which is also not very elegant, but it works. I would like to try method 3, but I don't know how to configure an rsync daemon.
Try this one-liner:
rsync -av -e "ssh -A root@proxy ssh" ./src root@target:/dst
Here's what worked for me.
I run a command in the background to tunnel to the remote host:
ssh -N -L 2222:remote.example.com:22 bridge.example.com&
then I rsync to localhost like this:
rsync -auve "ssh -p 2222" . me@localhost:/some/path
You should connect to the port 22 of clusternode, so the tunnel should look like
ssh -L localhost:8000:clusternode:22 user@bridge

SSH through multiple hosts to execute another ssh session [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I spent too much time trying to do something which in plain words looks simple.
I am at home, without firewall and all open ports. I need to ssh to the router at work where I have access to ssh port 22. My personal machine is on that subnet having internal ip address. So, what I need to do is to ssh from one machine to the second and from the second to the third. On the third I need to execute another ssh which tunnels some ports to my home machine. All that in bash script from my home. I have tried many solutions on the internet but nothing works.
The whole idea is to get to my PC at work and run ssh tunnel for port 22 which will allow me to sshfs my work PC.
I could do it manually, by sshing to the router, then from the router to the work pc and then execute the ssh tunnel. I need a one-click solution.
Thanks in advance!
Have you tried just stacking the ssh commands, like ssh -t localhost ssh localhost? Be sure to add the -t option for each hop except the last one: ssh -t localhost ssh -t localhost ssh localhost
Maybe try VNC? With the right setup/port forwarding, you wouldn't have to jump from 1 PC to the next.