[kwlug-disc] ssh and port forwarding
Robert P. J. Day
rpjday at crashcourse.ca
Mon Dec 15 14:30:33 EST 2008
On Mon, 15 Dec 2008, Rashkae wrote:
> Rashkae wrote:
> > Robert P. J. Day wrote:
> >> i have the following scenario:
> >> host1 <----------> host2 <---------> host3
> >> (ME)
> >> i want to be able to do the following from host1:
> >> 1) ssh directly and normally to host2 (trivial)
> >> 2) using host2 as a gateway, ssh from host1 to get to host3
> >> from the perspective of host1, host2 will be visible (through a
> >> corporate VPN, but still visible). host3, on the other hand, will be
> >> "hiding" behind host2 on a totally different and internal network, so
> >> i have to use someone else as a gateway -- direct ssh from host1 to
> >> host3 is out of the question.
> >> assume the normal stuff: that host1 has an ssh client, and both
> >> host2 and host3 are running an ssh server of some kind (probably
> >> dropbear, actually), and that the ssh server on host2 is set up to do
> >> port forwarding.
> >> i've seen two solutions (local and remote forwarding) that involves
> >> doing all the work on host1 but i'd rather not do that -- i'd rather
> >> keep life on host1 simple, and centralize the forwarding configuration
> >> at host2. so, as i read it, the direct ssh from host1 to host2 will
> >> still work fine, but what do i do at host2?
> >> since host2 *will* be running dropbear, as i read, first, on host2,
> >> i'll invoke:
> >> # dropbear -a
> >> so that dropbear is running in port forwarding mode.
> >> in addition, on host2, i'll have to run:
> >> # dbclient -L 1234:localhost:22 host3
> >> does that make sense? so i can ssh from host1 to host2 normally, but
> >> if i want to sh from host1 to host3, i'll invoke:
> >> $ ssh host2 1234
> >> which will get me to host2, which will then forward me on to port 22
> >> on host3. am i on the right path here? thanks.
> After typing all of that previous message, I just realized what you are
> trying to do.. (duh moment for the day), and yes, you are absolutely
> correct. You can just ignore everything I wrote earlier.
good, i was suddenly really worried. actually, i tried the above
and it appears to work. go figure.
Robert P. J. Day
Linux Consulting, Training and Annoying Kernel Pedantry:
Have classroom, will lecture.
http://crashcourse.ca Waterloo, Ontario, CANADA
More information about the kwlug-disc_kwlug.org