9

Let's assume the following hosts:

  • localhost : my laptop
  • remoteserver : a server with a public IP which runs an SSH server.
  • private.remoteserver : a server with a private IP which is only accessible from remoteserver.

I don't have sudo access to remoteserver, so I can't make changes with the root user.

The question is: Is it possible to access a port on private.remoteserver from remoteserver, in a single command?

I've played around a bit with ssh tunnels without luck. I would like to create an SSH alias to private.remoteserver as described in this article.

For example, I'd like to run from localhost:

curl http://private.remoteserver:8080/

to connect to port 8080 on private.remoteserver. Is this possible?

slm
David

2 Answers

9

You haven't shown us what you've tried so far, but something as simple as this should work:

ssh -L 8080:private.remoteserver:8080 remoteserver

Which would then let you run:

curl http://localhost:8080/

...which due to the port forwarding we just set up would actually connect to port 8080 on private.remoteserver.

If you want to be able to directly access http://private.remoteserver:8080/ from your client, you'll need to (a) set up some sort of proxy and (b) configure curl (or other software) to use the proxy. You can set up a SOCKS5 proxy with ssh using the -D option:

ssh -D 1080 remoteserver

And then you can:

curl --socks5-hostname localhost:1080 http://private.remoteserver:8080/

Most web browsers (Firefox, Chrome) can also be configured to operate with a SOCKS5 proxy. If you search for "ssh dynamic forwarding" you'll find lots of good documentation, including this article from Ubuntu.

larsks
  • Thanks, the command ssh -L 18080:private.remoteserver:8080 -f -N user@remoteserver allows me to curl on port 18080, but is there a way to avoid running 1 command like this (or 1 proxy per service) for each port I want to access on private.remoteserver? – David Aug 14 '13 at 13:23
  • Sure, that's what the dynamic proxy is all about. Take a look at the docs I linked to in the answer. – larsks Aug 14 '13 at 13:33
  • Yes, but I have to specify the proxy in all applications. I'd like to create an alias in /etc/hosts and get all traffic to this host forwarded through ssh tunnel. – David Aug 14 '13 at 14:46
  • I accept your answer, as it is valid for the question I originally asked. Thanks. – David Aug 14 '13 at 14:48
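
On the one-command-per-port question raised in the comments: ssh accepts several -L options in a single invocation, so one tunnel can carry every port. The helper below is an added example, not part of either answer; the names tunnel_cmd and valid_port and the port pairs in the usage line are assumptions. It binds each listener to 127.0.0.1 so the private service is not exposed to the laptop's own network.

```shell
#!/bin/sh
# Added example: build one ssh command carrying several -L forwards.
# Host names come from the question; helper names and port pairs are
# assumptions made for this sketch.

# valid_port N: succeed only if N is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd JUMP TARGET LOCAL:REMOTE...
# Prints the ssh command line; returns 1 on missing or malformed input.
tunnel_cmd() {
    [ "$#" -ge 3 ] || return 1
    jump=$1
    target=$2
    shift 2
    # -N: no remote command, forwarding only.
    # ExitOnForwardFailure: abort if any listener cannot be bound,
    # instead of leaving a half-working tunnel behind.
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    for pair in "$@"; do
        lport=${pair%%:*}
        rport=${pair#*:}
        [ "$pair" != "$lport" ] || return 1   # no colon in the pair
        valid_port "$lport" && valid_port "$rport" || return 1
        # Explicit loopback bind keeps the listener off other interfaces.
        cmd="$cmd -L 127.0.0.1:$lport:$target:$rport"
    done
    printf '%s %s\n' "$cmd" "$jump"
}

# Usage (constructed port pairs):
#   $(tunnel_cmd user@remoteserver private.remoteserver 18080:8080 18443:8443)
```

Local ports below 1024 normally need root on the laptop, so the usage line picks high local ports.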
3

Actually I solved my problem with sshuttle:

sshuttle --dns -HN -r user@remoteserver

No other proxy configuration required, then I can access any ports of the private IP:

curl http://private:8080/
David