I need to access the web server on a VM in my office, from my laptop. I have SSH access to an intermediate PC and from there to the VM.
Ie: Laptop -> PC -> VM
How do I set up a tunnel from laptop through PC to VM to give me access to port 80 on the VM?
If relevant: Each of the two SSh connections will require (different) user/password.
Mark
On Tue, Mar 28, 2017 at 09:02:26AM +0100, Mark Rogers wrote:
I need to access the web server on a VM in my office, from my laptop. I have SSH access to an intermediate PC and from there to the VM.
Ie: Laptop -> PC -> VM
How do I set up a tunnel from laptop through PC to VM to give me access to port 80 on the VM?
If relevant: Each of the two SSh connections will require (different) user/password.
I use an ssh tunnel to access a little system on my boat, the fundamental bit is that the system you're trying to access has to set up a tunnel by connecting 'outwards' with something like:-
ssh -R 50022:localhost:22 -N -l timetode shell.gridhost.co.uk
This command is run on the remote system, i.e. you'd run it on your machine in the office. In your case it would be:-
ssh -R 54321:localhost:80 -N yourlogin@intermediate.pc
as you want to get at port 80 rather than the default 22 for ssh.
I also connect via an intermediate machine, thus I have in my ssh .config file:-
host odin ProxyCommand ssh cheddar nc -q0 localhost 54321
where cheddar is the intermediate system.
I then simply say 'ssh odin' and it asks for two passwords, before connecting. I know this isn't quite everything for you because you are wanting to connect to port 80. I'm not sure *quite* where you'd enter the passwords.
On the remote (your office) system I use autossh to maintain the outgoing ssh tunnel. This requires passwordless access to the intermediate system if you want it to run unattended.
I hope this all makes some sense and helps, feel free to ask for more details or tell me I'm barking up the wrong tree because the difficult bit is getting it to work on port 80.
On 28 March 2017 at 09:23, Chris Green cl@isbd.net wrote:
On Tue, Mar 28, 2017 at 09:02:26AM +0100, Mark Rogers wrote:
I need to access the web server on a VM in my office, from my laptop. I have SSH access to an intermediate PC and from there to the VM.
Ie: Laptop -> PC -> VM
How do I set up a tunnel from laptop through PC to VM to give me access to port 80 on the VM?
I use an ssh tunnel to access a little system on my boat, the fundamental bit is that the system you're trying to access has to set up a tunnel by connecting 'outwards' with something like:-
I'm not sure if I explained what I wanted badly, or I'm not properly understanding the answers, as everyone has (I think, anyway) answered in a pretty similar vein...
I am sat at my laptop (A), from which I can SSH to my desktop (B). If I were sat at my desktop (or indeed connected to it via SSH) I could SSH from it to the VM (C).
So I can SSH from A to B, and from B to C, but not directly from A to C.
I "know" (as in I have done it before and I can find instructions online, but I'm not an expert!) how to use the connection from A to B to give me access to a webserver on B. But I don't know how to put all these bits together so that I can get from A to B to C, and get myself access to port 80 on C.
[It happens in this case that B and C are on the same LAN, but at some point I need to be able to do this if C is somewhere else entirely but secured to only accept SSH connections from B, thus making it impossible to go directly from A to C. OpenVPN or similar would of-course solve the issue for B&C on the same LAN, but not the more general case.]
So, am I misunderstanding the answers or had (have?) I mis-phrased the question?
Mark
On Tue, Mar 28, 2017 at 11:38:05AM +0100, Mark Rogers wrote:
On 28 March 2017 at 09:23, Chris Green cl@isbd.net wrote:
On Tue, Mar 28, 2017 at 09:02:26AM +0100, Mark Rogers wrote:
I need to access the web server on a VM in my office, from my laptop. I have SSH access to an intermediate PC and from there to the VM.
Ie: Laptop -> PC -> VM
How do I set up a tunnel from laptop through PC to VM to give me access to port 80 on the VM?
I use an ssh tunnel to access a little system on my boat, the fundamental bit is that the system you're trying to access has to set up a tunnel by connecting 'outwards' with something like:-
I'm not sure if I explained what I wanted badly, or I'm not properly understanding the answers, as everyone has (I think, anyway) answered in a pretty similar vein...
I am sat at my laptop (A), from which I can SSH to my desktop (B). If I were sat at my desktop (or indeed connected to it via SSH) I could SSH from it to the VM (C).
So I can SSH from A to B, and from B to C, but not directly from A to C.
I "know" (as in I have done it before and I can find instructions online, but I'm not an expert!) how to use the connection from A to B to give me access to a webserver on B. But I don't know how to put all these bits together so that I can get from A to B to C, and get myself access to port 80 on C.
[It happens in this case that B and C are on the same LAN, but at some point I need to be able to do this if C is somewhere else entirely but secured to only accept SSH connections from B, thus making it impossible to go directly from A to C. OpenVPN or similar would of-course solve the issue for B&C on the same LAN, but not the more general case.]
So, am I misunderstanding the answers or had (have?) I mis-phrased the question?
Isn't the bit you need then the bit in the configuration file I sent:-
Host odin2 ProxyCommand ssh isbd nc -q0 localhost 51236
This automates the process of using the intermediate system and makes it 'transparent'. Once set up like this anything that uses an underlying ssh connection can do it from A -> C (using B as an intermediate stage). E.g. I can 'scp afile odin2:' and it works without me 'knowing' it's going via the intermediate system. It will, if necessary ask for passwords of course.
On 28/03/17 09:02, Mark Rogers wrote:
I need to access the web server on a VM in my office, from my laptop. I have SSH access to an intermediate PC and from there to the VM.
Ie: Laptop -> PC -> VM
How do I set up a tunnel from laptop through PC to VM to give me access to port 80 on the VM?
If relevant: Each of the two SSh connections will require (different) user/password.
As ever, there's some decent documentation on Digital Ocean:
https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-tunneling...
More information than you'll need, I suspect!
Cheers, Laurie.
On Tue, 28 Mar 2017 09:02:26 +0100 Mark Rogers mark@more-solutions.co.uk allegedly wrote:
I need to access the web server on a VM in my office, from my laptop. I have SSH access to an intermediate PC and from there to the VM.
Ie: Laptop -> PC -> VM
How do I set up a tunnel from laptop through PC to VM to give me access to port 80 on the VM?
If relevant: Each of the two SSh connections will require (different) user/password.
Mark
I wrote about something similar in 2013 https://baldric.net/2013/03/26/using-an-ssh-reverse-tunnel-to-bypass-nat-fir...
maybe that will help. You could ogf course also use OpenVPN (which I refer to in the above post.
Cheers
Mick
--------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net
---------------------------------------------------------------------
On 28/03/17 10:40, mick wrote:
[SNIP]
I wrote about something similar in 2013 https://baldric.net/2013/03/26/using-an-ssh-reverse-tunnel-to-bypass-nat-fir...
maybe that will help. You could ogf course also use OpenVPN (which I refer to in the above post.
Cheers
Mick
Firefox doesn't like your site very much:
---- cut here ---- Your connection is not secure
The owner of baldric.net has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site. ---- cut here ----
Cheers, Laurie.
On Tue, 28 Mar 2017 11:02:42 +0100 Laurie Brown laurie@brownowl.com allegedly wrote:
On 28/03/17 10:40, mick wrote:
[SNIP]
I wrote about something similar in 2013 https://baldric.net/2013/03/26/using-an-ssh-reverse-tunnel-to-bypass-nat-fir...
maybe that will help. You could ogf course also use OpenVPN (which I refer to in the above post.
Cheers
Mick
Firefox doesn't like your site very much:
That's because I use a self signed certificate on the TLS connection (which I use by default and will thus have appeared in my cut and paste URL). Try connecting over plain HTTP and all will be fine.
(I object strongly to the CA model, but I use TLS encryption to protect my credentials when I log in to my site).
See http://baldric.net/2013/09/12/add-ssl-to-lighttpd-server/
Cheers
Mick
--------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net
---------------------------------------------------------------------
-
Chris Green -
Laurie Brown -
Mark Rogers -
mick