Tunneling data over SSH is pretty straightforward: `ssh -D9999 username@example.com` sets up port 9999 on your localhost as a tunnel to example.com, but I have a more specific need:
- I am working locally on localhost
- host1 is accessible to localhost
- host2 only accepts connections from host1
- I need to create a tunnel from localhost to host2

Effectively, I want to create a "multi-hop" SSH tunnel. How can I do this? Ideally, I'd like to do this without needing to be superuser on any of the machines.
Answer
You basically have three possibilities:

1. Tunnel from localhost to host1:
   `ssh -L 9999:host2:1234 -N host1`
   As noted above, the connection from host1 to host2 will not be secured.

2. Tunnel from localhost to host1 and from host1 to host2:
   `ssh -L 9999:localhost:9999 host1 ssh -L 9999:localhost:1234 -N host2`
   This will open a tunnel from localhost to host1 and another tunnel from host1 to host2. However, the port 9999 to host2:1234 can be used by anyone on host1. This may or may not be a problem.

3. Tunnel from localhost to host1 and from localhost to host2:
   `ssh -L 9998:host2:22 -N host1`
   `ssh -L 9999:localhost:1234 -N -p 9998 localhost`
   This will open a tunnel from localhost to host1 through which the SSH service on host2 can be used. Then a second tunnel is opened from localhost to host2 through the first tunnel.

Normally, I'd go with option 1. If the connection from host1 to host2 needs to be secured, go with option 2. Option 3 is mainly useful to access a service on host2 that is only reachable from host2 itself.
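As an added example that is not part of the original question or answer: a small POSIX shell helper that prints the exact ssh command line for each of the three options above, validates the port numbers first, and adds a fourth variant using OpenSSH's `-J` (ProxyJump, available since OpenSSH 7.3), which achieves what option 3 does in a single command. It also includes a check that the resulting local listener is bound to loopback only, which is the property option 2's caveat turns on. The host names host1/host2, the ports, the function names and the use of Linux `ss` are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the ssh command(s) for each
# multi-hop option discussed above; hosts, ports and names are assumptions.
set -eu

# valid_port PORT: true only for an integer 1..65535. Unprivileged users can
# bind anything >= 1024, which is all the forwards above need.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    if [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; then
        return 0
    fi
    return 1
}

# tunnel_cmd OPTION LPORT JUMP TARGET TPORT [HOPPORT]
#   OPTION : 1, 2, 3 (as in the answer) or "jump" (OpenSSH -J / ProxyJump)
#   LPORT  : port to listen on locally
#   JUMP   : host1, the host localhost can reach directly
#   TARGET : host2, the host only JUMP can reach
#   TPORT  : the service port on TARGET
#   HOPPORT: option 3 only, local port carrying TARGET's sshd (default LPORT-1)
tunnel_cmd() {
    [ "$#" -ge 5 ] || { echo "usage: tunnel_cmd OPTION LPORT JUMP TARGET TPORT [HOPPORT]" >&2; return 1; }
    opt=$1 lport=$2 jump=$3 target=$4 tport=$5
    valid_port "$lport" || { echo "tunnel_cmd: bad local port '$lport'" >&2; return 1; }
    valid_port "$tport" || { echo "tunnel_cmd: bad target port '$tport'" >&2; return 1; }
    hop=${6:-$((lport - 1))}
    case "$opt" in
        1)  # one hop: the JUMP -> TARGET leg is plain TCP, not protected by ssh
            printf 'ssh -L %s:%s:%s -N %s\n' "$lport" "$target" "$tport" "$jump" ;;
        2)  # chained: a second ssh on JUMP listens on JUMP's loopback, so any
            # local user on JUMP can reach TARGET:TPORT through it
            printf 'ssh -L %s:localhost:%s %s ssh -L %s:localhost:%s -N %s\n' \
                "$lport" "$lport" "$jump" "$lport" "$tport" "$target" ;;
        3)  # two local tunnels: the first carries TARGET's sshd, the second
            # rides inside it, so the JUMP -> TARGET leg is also encrypted
            valid_port "$hop" || { echo "tunnel_cmd: bad hop port '$hop'" >&2; return 1; }
            printf 'ssh -L %s:%s:22 -N %s\n' "$hop" "$target" "$jump"
            printf 'ssh -L %s:localhost:%s -N -p %s localhost\n' "$lport" "$tport" "$hop" ;;
        jump) # same effect as option 3 in one command (OpenSSH >= 7.3)
            printf 'ssh -J %s -L %s:localhost:%s -N %s\n' "$jump" "$lport" "$tport" "$target" ;;
        *)  echo "tunnel_cmd: unknown option '$opt'" >&2; return 1 ;;
    esac
}

# check_loopback_only PORT: after starting a tunnel, confirm the local listener
# is bound to 127.0.0.1 / ::1 only (Linux iproute2 `ss` assumed). A forward
# bound to all interfaces (GatewayPorts yes, or -L *:PORT:...) would expose the
# hop to anyone who can reach this machine, not just local users.
check_loopback_only() {
    addrs=$(ss -ltn "sport = :$1" | awk 'NR > 1 { print $4 }')
    [ -n "$addrs" ] || { echo "nothing is listening on port $1" >&2; return 2; }
    if printf '%s\n' "$addrs" | grep -qv -e '^127\.' -e '^\[::1\]'; then
        echo "port $1 is bound to a non-loopback address:" >&2
        printf '%s\n' "$addrs" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: sh multihop.sh OPTION LPORT JUMP TARGET TPORT [HOPPORT]
if [ "$#" -ge 5 ]; then
    tunnel_cmd "$@"
fi
```

Running `sh multihop.sh jump 9999 host1 host2 1234` prints the single-command equivalent of option 3; after starting whichever tunnel you choose, `check_loopback_only 9999` confirms that the local end is not reachable from other machines.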