[kwlug-disc] ssh and port forwarding
rashkae at tigershaunt.com
Mon Dec 15 14:11:18 EST 2008
> Robert P. J. Day wrote:
>> i have the following scenario:
>> host1 <----------> host2 <---------> host3
>> i want to be able to do the following from host1:
>> 1) ssh directly and normally to host2 (trivial)
>> 2) using host2 as a gateway, ssh from host1 to get to host3
>> from the perspective of host1, host2 will be visible (through a
>> corporate VPN, but still visible). host3, on the other hand, will be
>> "hiding" behind host2 on a totally different and internal network, so
>> i have to use someone else as a gateway -- direct ssh from host1 to
>> host3 is out of the question.
>> assume the normal stuff: that host1 has an ssh client, and both
>> host2 and host3 are running an ssh server of some kind (probably
>> dropbear, actually), and that the ssh server on host2 is set up to do
>> port forwarding.
>> i've seen two solutions (local and remote forwarding) that involves
>> doing all the work on host1 but i'd rather not do that -- i'd rather
>> keep life on host1 simple, and centralize the forwarding configuration
>> at host2. so, as i read it, the direct ssh from host1 to host2 will
>> still work fine, but what do i do at host2?
>> since host2 *will* be running dropbear, as i read, first, on host2,
>> i'll invoke:
>> # dropbear -a
>> so that dropbear is running in port forwarding mode.
>> in addition, on host2, i'll have to run:
>> # dbclient -L 1234:localhost:22 host3
>> does that make sense? so i can ssh from host1 to host2 normally, but
>> if i want to sh from host1 to host3, i'll invoke:
>> $ ssh host2 1234
>> which will get me to host2, which will then forward me on to port 22
>> on host3. am i on the right path here? thanks.
After typing all of that previous message, I just realized what you are
trying to do.. (duh moment for the day), and yes, you are absolutely
correct. You can just ignore everything I wrote earlier.
More information about the kwlug-disc