-1

Possible Duplicate:
SSH to a computer that will then SSH to another computer

I have 3 Linux machines A, B and C.

I can ssh from A to B; B to C but not from A to C directly because C is behind a firewall.

Is there a way I can ssh from A to C directly? I heard about tunneling but I don't know how. I only have root permission on A, not on B or C.

tlc

2 Answers

1

You can set up an SSH tunnel from B to C like this:

```
ssh -L 50022:C:22 user@B
```

Where B and C are the respective addresses of those servers. Then you can connect directly to C by using the tunneled port:

```
ssh -p 50022 user@localhost
```

In this case, user is the user you want to connect to C as. The connection will be tunneled over the established ssh connection. B will connect to C and proxy the traffic.

(Note that the choice of port 50022 is arbitrary; you can pick anything that's not in use on your local machine.)

cdhowie
  • I tried your method but it did not work :( – tlc Aug 28 '11 at 07:42
  • "Did not work" is not helpful diagnostic feedback. What step failed, and what error message was displayed? – cdhowie Aug 28 '11 at 07:43
  • First, who is the user@B? Second, I don't see why you can ssh to localhost? (There is not a binding daemon, so you can't ssh to localhost in the second line.) – tlc Aug 28 '11 at 07:49
  • `user@B` is the clause you use when connecting to host B. If your account name on host B is `bob`, and if B's IP address is 10.1.2.3 then it would be `bob@10.1.2.3`. And you can ssh to localhost because the `-L 50022:C:22` arguments will make the first ssh process listen on port 50022. – cdhowie Aug 28 '11 at 07:53
  • Thank you very much. Now I understand tunneling much better. One more quick question: it looks like I should run the 1st command as a daemon, shouldn't I? Because whenever I exit from the B machine, I can't use the 2nd command. – tlc Aug 28 '11 at 08:50
  • The tunnel will only last as long as the ssh connection, yes. Closing the first ssh session will also close the tunnel. Whether or not you daemonize the first process is up to you. – cdhowie Aug 28 '11 at 08:53
1

You can create a tunnel from A to C, through B.

From A:

```
ssh -fgN -L 2222:C:22 B
```

The above command would run ssh in the background. It would connect you to B, start a tunnel listening on A, localhost, on port 2222, connecting to C port 22.

Now on A, you can ssh to C by using port 2222:

```
ssh -p 2222 localhost
```

lrhazi
  • I got this error :( channel 2: open failed: administratively prohibited: open failed ssh_exchange_identification: Connection closed by remote host – tlc Aug 28 '11 at 07:34
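
Added example, not part of either answer: both commands open a listening port on A, and whoever can reach that port reaches C's sshd through B. The shell function below reports where an `ssh -L` forward will listen, following ssh(1): an explicit bind address wins, otherwise `-g` opens the port on all interfaces. `forward_exposure` is a hypothetical helper name; it assumes the client's GatewayPorts is at its default and ignores bracketed IPv6 and Unix-socket forwards.

```shell
#!/bin/sh
# Added example: classify the listen address of an `ssh -L` local forward.
# Assumptions: client GatewayPorts left at its default (no), no bracketed
# IPv6 bind addresses, no Unix-socket forwards. Hypothetical helper name.

forward_exposure() {
    fe_gflag=no; fe_spec=""; fe_next=no
    for fe_arg in "$@"; do
        if [ "$fe_next" = yes ]; then fe_spec=$fe_arg; fe_next=no; continue; fi
        case $fe_arg in
            -L)   fe_next=yes ;;                 # spec is the next word
            -L?*) fe_spec=${fe_arg#-L} ;;        # spec attached: -L2222:C:22
            # Skip options that carry a value (-p, -o, -i ...): only clusters
            # made purely of no-argument flags are inspected for "g".
            -*[!46AaCfGgKkMNnqsTtVvXxYy]*) ;;
            -*g*) fe_gflag=yes ;;                # e.g. -g or -fgN
        esac
    done

    case $fe_spec in
        '')      echo "no-forward" ;;
        *:*:*:*) # bind_address:port:host:hostport, explicit address wins
            fe_bind=${fe_spec%%:*}
            case $fe_bind in
                localhost|127.*) echo "loopback" ;;
                ''|'*')          echo "all-interfaces" ;;
                *)               echo "address:$fe_bind" ;;
            esac ;;
        *:*:*)   # port:host:hostport, listen address depends on -g
            if [ "$fe_gflag" = yes ]; then echo "all-interfaces"
            else echo "loopback"; fi ;;
        *)       echo "invalid-spec" ;;
    esac
}

# The two commands from the answers above, plus a pinned variant.
forward_exposure -L 50022:C:22 user@B              # loopback
forward_exposure -fgN -L 2222:C:22 B               # all-interfaces
forward_exposure -fN -L 127.0.0.1:2222:C:22 B      # loopback
```

Dropping `-g`, or writing the bind address explicitly as in the third call, keeps the forwarded port reachable only from A itself.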