[kwlug-disc] Using SSH to authenticate
richard at weait.com
Sat Mar 13 18:45:40 EST 2010
Thought I'd fill out the example a little more because this Just Isn't
Intuitive To Me. I've tested this now and it Works For Me.
# set up the tunnel without privileged users
# the tunnel is from HomeHost port 2222 to TargetHost port 22
# we assume RelayHost is listening on 22, otherwise add -p RelayHostPortNum
ssh -L 2222:TargetHost:22 RelayUser at RelayHost
# response is prompt for RelayUser password:
# this terminal will offer a prompt on RelayHost.
# leave this connection open
# open another terminal on _HomeHost_
# ssh to your side of the tunnel
ssh localhost -p 2222
# this terminal will prompt for "localhost" password
# but the tunnel means that localhost:2222 is actually
# TargetHost:22. Reply with TargetHost password.
There must be an option to open the tunnel in the background that
removes the requirement for a second console but I'll leave that as a
pro tip for somebody else.
More information about the kwlug-disc_kwlug.org