[kwlug-disc] ssh and port forwarding

Robert P. J. Day rpjday at crashcourse.ca
Mon Dec 15 12:48:58 EST 2008

  i have the following scenario:

  host1  <---------->  host2  <--------->  host3

i want to be able to do the following from host1:

  1) ssh directly and normally to host2 (trivial)
  2) using host2 as a gateway, ssh from host1 to get to host3

from the perspective of host1, host2 will be visible (through a
corporate VPN, but still visible).  host3, on the other hand, will be
"hiding" behind host2 on a totally different and internal network, so
i have to use someone else as a gateway -- direct ssh from host1 to
host3 is out of the question.

  assume the normal stuff: that host1 has an ssh client, and both
host2 and host3 are running an ssh server of some kind (probably
dropbear, actually), and that the ssh server on host2 is set up to do
port forwarding.

  i've seen two solutions (local and remote forwarding) that involves
doing all the work on host1 but i'd rather not do that -- i'd rather
keep life on host1 simple, and centralize the forwarding configuration
at host2.  so, as i read it, the direct ssh from host1 to host2 will
still work fine, but what do i do at host2?

  since host2 *will* be running dropbear, as i read, first, on host2,
i'll invoke:

   # dropbear -a

so that dropbear is running in port forwarding mode.

  in addition, on host2, i'll have to run:

  # dbclient -L 1234:localhost:22 host3

does that make sense?  so i can ssh from host1 to host2 normally, but
if i want to sh from host1 to host3, i'll invoke:

  $ ssh host2 1234

which will get me to host2, which will then forward me on to port 22
on host3.  am i on the right path here?  thanks.


Robert P. J. Day
Linux Consulting, Training and Annoying Kernel Pedantry:
    Have classroom, will lecture.

http://crashcourse.ca                          Waterloo, Ontario, CANADA

More information about the kwlug-disc mailing list