[kwlug-disc] ssh and port forwarding

Robert P. J. Day rpjday at crashcourse.ca
Mon Dec 15 14:32:29 EST 2008 

On Mon, 15 Dec 2008, Richard Weait wrote:

> On Mon, 2008-12-15 at 12:48 -0500, Robert P. J. Day wrote:
> > i have the following scenario:
> >
> >   host1  <---------->  host2  <--------->  host3
> >   (ME)
> >
> > i want to be able to do the following from host1:
> >
> >   1) ssh directly and normally to host2 (trivial)
> >   2) using host2 as a gateway, ssh from host1 to get to host3
> >
> > from the perspective of host1, host2 will be visible (through a
> > corporate VPN, but still visible).  host3, on the other hand, will be
> > "hiding" behind host2 on a totally different and internal network, so
> > i have to use someone else as a gateway -- direct ssh from host1 to
> > host3 is out of the question.
> >
> >   assume the normal stuff: that host1 has an ssh client, and both
> > host2 and host3 are running an ssh server of some kind (probably
> > dropbear, actually), and that the ssh server on host2 is set up to do
> > port forwarding.
> >
> >   i've seen two solutions (local and remote forwarding) that involves
> > doing all the work on host1 but i'd rather not do that -- i'd rather
> > keep life on host1 simple, and centralize the forwarding configuration
> > at host2.  so, as i read it, the direct ssh from host1 to host2 will
> > still work fine, but what do i do at host2?
> >
> >   since host2 *will* be running dropbear, as i read, first, on host2,
> > i'll invoke:
> >
> >    # dropbear -a
> >
> > so that dropbear is running in port forwarding mode.
> >
> >   in addition, on host2, i'll have to run:
> >
> >   # dbclient -L 1234:localhost:22 host3
> >
> > does that make sense?  so i can ssh from host1 to host2 normally, but
> > if i want to sh from host1 to host3, i'll invoke:
> >
> >   $ ssh host2 1234
> >
> > which will get me to host2, which will then forward me on to port 22
> > on host3.  am i on the right path here?  thanks.
>
> You lost me at, "i've seen two solutions (local and remote forwarding)
> that involves doing all the work on host1 but i'd rather not do that"  I
> believe I did what you're avoiding, by running everything from host1.
> Also I used plain ssh, not dropbear.

  in the dropbear space, dropbear == sshd and dbclient == ssh.

> ssh -N -L2222:host3:22 host2 & # to set up the forward from host 2 to
> host 3
> then from host1 again
> ssh localhost:2222 # to get to host three.
>
> That help at all?

  i was already aware of that solution -- it involves setting up all
the forwarding at the original client host.  i was after a solution
that configured the forwarding at the (intermediate) gateway, and i
think what i described actually works.  i'll keep testing it to make
sure.

rday
--

========================================================================
Robert P. J. Day
Linux Consulting, Training and Annoying Kernel Pedantry:
    Have classroom, will lecture.

http://crashcourse.ca                          Waterloo, Ontario, CANADA
========================================================================

More information about the kwlug-disc mailing list