[ALUG] SSH tunnelling
cl at isbd.net
Tue Mar 28 12:12:31 BST 2017
On Tue, Mar 28, 2017 at 11:38:05AM +0100, Mark Rogers wrote:
> On 28 March 2017 at 09:23, Chris Green <cl at isbd.net> wrote:
> > On Tue, Mar 28, 2017 at 09:02:26AM +0100, Mark Rogers wrote:
> > > I need to access the web server on a VM in my office, from my laptop.
> > > I have SSH access to an intermediate PC and from there to the VM.
> > >
> > > Ie: Laptop -> PC -> VM
> > >
> > > How do I set up a tunnel from laptop through PC to VM to give me
> > > access to port 80 on the VM?
> > I use an ssh tunnel to access a little system on my boat, the
> > fundamental bit is that the system you're trying to access has to set up
> > a tunnel by connecting 'outwards' with something like:-
> I'm not sure if I explained what I wanted badly, or I'm not properly
> understanding the answers, as everyone has (I think, anyway) answered
> in a pretty similar vein...
> I am sat at my laptop (A), from which I can SSH to my desktop (B). If
> I were sat at my desktop (or indeed connected to it via SSH) I could
> SSH from it to the VM (C).
> So I can SSH from A to B, and from B to C, but not directly from A to C.
> I "know" (as in I have done it before and I can find instructions
> online, but I'm not an expert!) how to use the connection from A to B
> to give me access to a webserver on B. But I don't know how to put all
> these bits together so that I can get from A to B to C, and get myself
> access to port 80 on C.
> [It happens in this case that B and C are on the same LAN, but at some
> point I need to be able to do this if C is somewhere else entirely but
> secured to only accept SSH connections from B, thus making it
> impossible to go directly from A to C. OpenVPN or similar would
> of course solve the issue for B&C on the same LAN, but not the more
> general case.]
> So, am I misunderstanding the answers or had (have?) I mis-phrased the question?
Isn't the bit you need then the bit in the configuration file I sent:-

    ProxyCommand ssh isbd nc -q0 localhost 51236

This automates the process of using the intermediate system and makes
it 'transparent'. Once set up like this anything that uses an
underlying ssh connection can do it from A -> C (using B as an
intermediate stage). E.g. I can 'scp afile odin2:' and it works
without me 'knowing' it's going via the intermediate system. It will,
if necessary, ask for passwords of course.
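
An added example, not part of the original post: an ~/.ssh/config for the laptop (A) that reaches the VM (C) through the desktop (B) and forwards a local port to port 80 on the VM. The host aliases, addresses, user name and local port 8080 are assumptions, and `ssh -W` is used in place of the `nc` form quoted in the post.

```sshconfig
# ~/.ssh/config on the laptop (A). Constructed example: every host alias,
# address, user name and port below is a placeholder.

# B: the intermediate PC, the only host A can reach directly.
Host desktop
    HostName desktop.example.org
    User mark

# C: the VM, reachable only from B.
Host vm
    # Address of C as B resolves it, not as A would.
    HostName 192.0.2.10
    User mark
    # Ask B's sshd to relay a raw TCP stream to C's SSH port. The A-to-C SSH
    # session runs inside that stream, so C's host key is checked on A and B
    # only relays ciphertext. Needs no nc on B (OpenSSH 5.4 or later), but B
    # must permit TCP forwarding.
    ProxyCommand ssh -W %h:%p desktop
    # Equivalent using nc on B, in the style of the line quoted in the post:
    #   ProxyCommand ssh desktop nc -q0 %h %p
    # OpenSSH 7.3 or later accepts the shorter form:
    #   ProxyJump desktop
    # Listen on the laptop's loopback only, so other machines on the laptop's
    # network cannot use the tunnel, and deliver to port 80 on C itself.
    LocalForward 127.0.0.1:8080 127.0.0.1:80
    # Fail the connection if port 8080 cannot be bound, rather than leaving
    # an SSH session open with no working forward.
    ExitOnForwardFailure yes

# Usage from A:
#   ssh -N vm                  open the tunnel without a remote shell
#   http://127.0.0.1:8080/     now reaches the web server on C
#   scp afile vm:              ordinary ssh/scp to C also goes via B
```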