-1

I need to consume a web service from my local computer, but the web service allows only predefined IPs, so I need to consume the service via a middle host which has an IP defined to reach the web service host. So I need to do something like SSH tunnel hopping:

Local computer(mac) ---> middle host(ubuntu) ---> https soap web service
                    <---                     <---

My local computer is a Mac, the middle host is Ubuntu Linux and the service is an HTTPS service.

First I want to ask: is this a possible scenario?

Then, what I've tried and what I've achieved:

I initiated a tunnel with the ssh command:

```
ssh -L 8443:service_url:443 -Nf root@middle_host_ip
```

I'm using the SoapUI app to test the connection, but I got a `javax.net.ssl.sslexception connection reset` error.

On the ssh connection side I got a `channel 2: open failed: connect failed: Name or service not known` error.

The URLs I tried in the SoapUI application are https://localhost:8443 and https://127.0.0.1:8443

I also updated the /etc/hosts file, to check if the problem was about it, as:

```
127.0.0.1       service_url
255.255.255.255 broadcasthost
::1             localhost
```

But I still got the same error.

Is there an easier way to test the connection, and is there an obvious mistake I'm making?

Thanks.

Edit:

For testing I tried connecting to a non-HTTPS server with the ssh command

```
ssh -L 8443:[regular_web_site_url]:80 [user]@[server_ip]
```

and in a web browser typed the URL localhost:8443 and retrieved the web site successfully.

But when I try to do the same for the HTTPS web service which I want to consume, I get the error in the shell in which I created the ssh connection: `channel 3: open failed: connect failed: Name or service not known`

And when I try to retrieve an HTTPS web site, for testing purposes, I get the invalid certificate error even if I change the /etc/hosts file to: `127.0.0.1 [https_web_site_url]`

The reason I'm trying to achieve this is that I need to test an HTTPS web service which allows only predefined IPs to consume it, so I need to connect to the middle host, which has a predefined IP for the service to be consumed.

Any help will be appreciated. Thanks again.

gesus
    `ssh` (and also the hosts file) uses only a DNS name, NOT a URL. "connect failed: Name or service not known" means your 'service_url' (which shouldn't be a URL) is wrong, and since that value is too secret no one here can identify the problem. You'll have to figure out why it's wrong and fix it. For the 'working' site's cert to be accepted, you must use `https://realdomainname:8443/whatever` (not `localhost`) in the browser with `127.0.0.1 realdomainname` in the hosts file (or equivalent local DNS like unbound or dnsmasq) – dave_thompson_085 May 02 '21 at 05:04

2 Answers

1
```
ssh -L 8443:service_host:443 -Nf root@middle_host_ip
```

service_host can be an IP address or an FQDN.

Gerard H. Pille
1

Did you try to access a regular HTTPS website from your browser using the tunneling with the URL https://127.0.0.1/8443? Maybe it helps for testing.

But I think you're going to have problems accessing an HTTPS website due to the HTTPS certificate; you may need to update your /etc/hosts file.

Andrew Schulman
bsh
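The points raised in the comment and answers above, put together as an added sketch that is not part of the original posts: give `ssh -L` a bare host name rather than a URL, confirm the name resolves on the middle host (where the forward is resolved), and test through the tunnel under the real name so the certificate matches. All function names, `service.example.com` and `user@middle.example.net` are placeholders assumed for illustration.

```shell
#!/bin/sh
# Added example. Host names and function names are placeholders, not values from the page.

# Reduce a URL or host:port string to the bare host name that
# ssh -L and the hosts file expect (runs in a subshell to keep $h local).
host_from_url() (
    h="$1"
    h="${h#*://}"     # drop the scheme (https://)
    h="${h%%/*}"      # drop the path
    h="${h%%\?*}"     # drop a query string that follows the host directly
    h="${h##*@}"      # drop userinfo
    case "$h" in
        \[*) h="${h#\[}"; h="${h%%\]*}" ;;   # bracketed IPv6 literal
        *)   h="${h%%:*}" ;;                 # drop the port
    esac
    printf '%s\n' "$h"
)

# The forward target is resolved on the middle host, so check resolution there.
# "Name or service not known" from ssh corresponds to this lookup failing.
# usage: check_remote_dns user@middle.example.net service.example.com
check_remote_dns() {
    ssh "$1" getent hosts "$2"
}

# Open the tunnel bound to loopback only; fail immediately if the local
# listener cannot be set up.
# usage: open_tunnel user@middle.example.net service.example.com [local_port]
open_tunnel() {
    ssh -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:${3:-8443}:$2:443" -Nf "$1"
}

# Request the real host name so SNI and certificate validation match, while
# --resolve pins that name to the local end of the tunnel for this one
# request (no hosts file edit needed). Prints the HTTP status code.
# usage: probe_tunnel service.example.com [local_port]
probe_tunnel() {
    curl -sS -o /dev/null -w '%{http_code}\n' \
        --resolve "$1:${2:-8443}:127.0.0.1" "https://$1:${2:-8443}/"
}
```

Source the file, then run `check_remote_dns`, `open_tunnel` and `probe_tunnel` in that order with the value printed by `host_from_url`; a client such as SoapUI still needs the real name mapped to 127.0.0.1 (hosts file or local DNS), as the comment describes.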