Thursday, August 27, 2009

Multi hop ssh tunnelling

localhost ----linkA----> gatewayhost ----linkB-----> remotehost

localport <========ssh============>remoteport

  1. Need to access remote service in remotehost (on remoteport) from localport in localhost (this quite be a database service to anhttp proxy service -- not much difference here)
  2. Both links A and B allow only SSH traffic (other ports are blocked)

Solution 1:

A simple

$ ssh -L localport:remotehost:remortport -N -f remoteuser@remotehost

would create an ssh tunnel on link A but not on link B . As both links allow only ssh traffic this will not work.

One solution is to use the ssh proxycommand option like this:

$ ssh -oproxycommand="ssh -qaxT gwuser@gatewayhost nc %h %p" -L 3128:localhost:9998 -p9999 remoteuser@remotehost -N -f

1 comment:

srimal said...

This thread will (hopefully) be followed up on