[kwlug-disc] Using SSH to authenticate

Richard Weait richard at weait.com
Sat Mar 13 16:14:23 EST 2010

On Sat, Mar 13, 2010 at 2:49 PM, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:
> I don't have the vocabulary to explain this question clearly, so
> please bear with me (and tell me what vocabulary I should be using).
> Say I have three hosts:
>  - HomeHost, which is my main machine. I have root on this machine if
>    I need it.
>  - RelayHost, which has a slow, laggy connection. I have a regular
>    user account on this.
>  - TargetHost, which is the machine where I want to work. I have a
>    regular user account on this machine.
> My end goal is to make a connection from HomeHost -> TargetHost.
> However, I only have permission (via SSH whitelisting or whatever) to
> make a connection from RelayHost -> TargetHost.
> One possibility is to make an SSH connection from HomeHost ->
> RelayHost, and then SSH from RelayHost -> TargetHost. But since
> RelayHost is slow and laggy, my experience will be frustrating.
> Is there some SSH (or other) magic that I can use to make a direct
> connection from HomeHost -> TargetHost without the packets needing to
> go through RelayHost?
> I have a feeling this topic was covered during one of those bits of
> Raul's presentation I did not understand very well, but I am not sure.

The quick and dirty is to

ssh pauln@RelayHost, then from there,
ssh pauln@TargetHost

The "right answer" sounds like a job for "-L" to me.  IIRC,

From HomeHost
ssh -L 22:TargetHost:22 pauln@RelayHost

-L 22:TargetHost:22 is resolved after the connection to RelayHost, and
refers to incoming local port number: and :destination port number.
You will need root on RelayHost to use a privileged local port?

This needs better examples than the following.


And please note the IIRC.
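
Added example, not part of the original message: a shell sketch of the -L forward discussed above, run from HomeHost. The host names and the user pauln come from the thread; local port 2222 and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example. HomeHost, RelayHost, TargetHost and user pauln come from the
# thread; local port 2222 and the function names are assumptions.

# Build the argument to "ssh -L": bind_address:port:host:hostport.
# bind_address:port is opened on the machine running ssh (HomeHost);
# host:hostport is resolved and connected to by sshd on RelayHost.
forward_spec() {
    lport=$1; dest=$2; dport=$3
    case $lport in
        ''|*[!0-9]*) echo "local port must be numeric: $lport" >&2; return 2 ;;
    esac
    # This example refuses ports below 1024 so the tunnel never needs root
    # on HomeHost, and keeps local port 22 free for HomeHost's own sshd.
    if [ "$lport" -lt 1024 ] || [ "$lport" -gt 65535 ]; then
        echo "choose a local port in 1024-65535, got $lport" >&2
        return 1
    fi
    # Bind to loopback only, so other machines cannot reach the forward.
    printf '127.0.0.1:%s:%s:%s\n' "$lport" "$dest" "$dport"
}

# Run on HomeHost: open the tunnel through RelayHost and go to background.
# All traffic to TargetHost still travels inside this connection.
open_tunnel() {
    spec=$(forward_spec "${1:-2222}" TargetHost 22) || return
    # -f: background after authentication; -N: no remote command.
    # ExitOnForwardFailure: fail instead of running without the forward.
    ssh -f -N -o ExitOnForwardFailure=yes -L "$spec" pauln@RelayHost
}

# Run on HomeHost: log in to TargetHost through the forwarded port.
# HostKeyAlias makes ssh check the host key against the known_hosts entry
# for TargetHost rather than one for 127.0.0.1.
connect_target() {
    ssh -p "${1:-2222}" -o HostKeyAlias=TargetHost pauln@127.0.0.1
}
```

Source the file on HomeHost, call open_tunnel once, then connect_target for each session.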
