[kwlug-disc] Using SSH to authenticate

Richard Weait richard at weait.com
Sat Mar 13 16:14:23 EST 2010


On Sat, Mar 13, 2010 at 2:49 PM, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:
>
> I don't have the vocabulary to explain this question clearly, so
> please bear with me (and tell me what vocabulary I should be using).
>
> Say I have three hosts:
>  - HomeHost, which is my main machine. I have root on this machine if
>    I need it.
>  - RelayHost, which has a slow, laggy connection. I have a regular
>    user account on this.
>  - TargetHost, which is the machine where I want to work. I have a
>    regular user account on this machine.
>
> My end goal is to make a connection from HomeHost -> TargetHost.
> However, I only have permission (via SSH whitelisting or whatever) to
> make a connection from RelayHost -> TargetHost.
>
> One possibility is to make an SSH connection from HomeHost ->
> RelayHost, and then SSH from RelayHost -> TargetHost . But since
> RelayHost is slow and laggy, my experience will be frustrating.
>
> Is there some SSH (or other) magic that I can use to make a direct
> connection from HomeHost -> TargetHost without the packets needing to
> go through RelayHost?
>
> I have a feeling this topic was covered during one of those bits of
> Raul's presentation I did not understand very well, but I am not sure.

The quick and dirty is to

ssh pauln@RelayHost, then from there,
ssh pauln@TargetHost

The "right answer" sounds like a job for "-L" to me.  IIRC,

From HomeHost
ssh -L 22:TargetHost:22 pauln@RelayHost

-L 22:TargetHost:22 is resolved after the connection to RelayHost, and
refers to incoming local port number: and :destination port number.
You will need root on RelayHost to use a privileged local port?

This needs better examples than the following.

http://www.ssh.com/support/documentation/online/ssh/winhelp/32/Local_And_Remote_Forwarding.html

And please note the IIRC.
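
An added example, not part of the original post: a small shell helper that checks a `-L` spec like the one above and prints the two commands to run on HomeHost. The function names are hypothetical, port 2222 is an assumed free unprivileged port, and the spec is assumed to have no bind address or IPv6 literal.

```shell
#!/bin/sh
# Added example. Host names are the thread's placeholders; 2222 is an assumed free port.

# Exit 0 if binding PORT needs root on the machine that runs ssh (the client).
is_privileged_port() {
    [ "$1" -ge 1 ] && [ "$1" -lt 1024 ]
}

# Split "LPORT:DEST:DPORT"; print the fields space separated, or return 1.
parse_forward() {
    spec=$1
    lport=${spec%%:*}; rest=${spec#*:}
    dest=${rest%%:*};  dport=${rest#*:}
    # Each strip must have removed something, i.e. two colons were present.
    [ "$rest" != "$spec" ] && [ "$dport" != "$rest" ] || return 1
    [ -n "$dest" ] || return 1
    for p in "$lport" "$dport"; do
        case $p in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    printf '%s %s %s\n' "$lport" "$dest" "$dport"
}

# Print the two commands to run on HomeHost for SPEC, RELAY_LOGIN, TARGET_USER.
# A privileged local port is swapped for 2222 so the tunnel opens without
# root and does not clash with an sshd already listening on the client.
plan_tunnel() {
    fields=$(parse_forward "$1") || { echo "bad forward spec: $1" >&2; return 1; }
    set -- $fields "$2" "$3"
    lport=$1; dest=$2; dport=$3; relay=$4; user=$5
    if is_privileged_port "$lport"; then lport=2222; fi
    # Terminal 1: hold the tunnel open; DEST is looked up by the relay.
    echo "ssh -N -L ${lport}:${dest}:${dport} ${relay}"
    # Terminal 2: log in through the local end of the tunnel. HostKeyAlias
    # files and checks the host key under the target's name, not "localhost".
    echo "ssh -p ${lport} -o HostKeyAlias=${dest} ${user}@localhost"
}

plan_tunnel 22:TargetHost:22 pauln@RelayHost pauln
```

The local end of a `-L` forward listens on the loopback address by default, and every packet of the second session still travels through RelayHost inside the first one.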
