On Tue, Mar 28, 2017 at 11:38:05AM +0100, Mark Rogers wrote:
On 28 March 2017 at 09:23, Chris Green cl@isbd.net wrote:
On Tue, Mar 28, 2017 at 09:02:26AM +0100, Mark Rogers wrote:
I need to access the web server on a VM in my office, from my laptop. I have SSH access to an intermediate PC and from there to the VM.
Ie: Laptop -> PC -> VM
How do I set up a tunnel from laptop through PC to VM to give me access to port 80 on the VM?
I use an ssh tunnel to access a little system on my boat, the fundamental bit is that the system you're trying to access has to set up a tunnel by connecting 'outwards' with something like:-
I'm not sure if I explained what I wanted badly, or I'm not properly understanding the answers, as everyone has (I think, anyway) answered in a pretty similar vein...
I am sat at my laptop (A), from which I can SSH to my desktop (B). If I were sat at my desktop (or indeed connected to it via SSH) I could SSH from it to the VM (C).
So I can SSH from A to B, and from B to C, but not directly from A to C.
I "know" (as in I have done it before and I can find instructions online, but I'm not an expert!) how to use the connection from A to B to give me access to a webserver on B. But I don't know how to put all these bits together so that I can get from A to B to C, and get myself access to port 80 on C.
[It happens in this case that B and C are on the same LAN, but at some point I need to be able to do this if C is somewhere else entirely but secured to only accept SSH connections from B, thus making it impossible to go directly from A to C. OpenVPN or similar would of-course solve the issue for B&C on the same LAN, but not the more general case.]
So, am I misunderstanding the answers or had (have?) I mis-phrased the question?
Isn't the bit you need then the bit in the configuration file I sent:-
Host odin2 ProxyCommand ssh isbd nc -q0 localhost 51236
This automates the process of using the intermediate system and makes it 'transparent'. Once set up like this anything that uses an underlying ssh connection can do it from A -> C (using B as an intermediate stage). E.g. I can 'scp afile odin2:' and it works without me 'knowing' it's going via the intermediate system. It will, if necessary ask for passwords of course.