3

I am trying to ssh to remote Host B, but network access control governs I am only able to do this via Host A. How would I go about doing that?

Have tried creating a tunnel to Host A ssh -f -N -D 2222 user@hostA

Then when creating new ssh connections from Local specifying tunnel port to tunnel those connections, but cant get this working.. ssh -L 2222:hostB:22 hostA

Hosts involved: Local Host A (local intranet) Host B (internet)

Flow of traffic: Local > HostA > HostB

Any pointers would be super hand.. thanks in advance!

0rangutang
  • 33
  • 1
  • 3
  • Possible duplicate of [Tunnel SSH from A->B->C](http://serverfault.com/questions/332085/tunnel-ssh-from-a-b-c) – Jenny D Apr 12 '17 at 13:17

1 Answers1

5

Your thought of using a dynamic port forward for this will never work. Think through it logically - you need to open a local port that forwards from your local machine, through hostA, to port 22 on hostB. There are a couple of ways you can achieve this. First, the inelegant, manual way:

First, set up the tunnel:

$ ssh -L2222:hostB:22 user@hostA

Then, connect to hostB:

$ ssh -p 2222 user@localhost

The preferred option is to use the ssh client's ProxyCommand directive, which can automate this for you. Add something like this to your ~/.ssh/config:

host hostB
  Hostname hostB
  ProxyCommand ssh user@hostA nc %h %p 2> /dev/null

After doing this, you can do this:

$ ssh hostB

...and the ssh client will take care of everything for you.

EEAA
  • 108,414
  • 18
  • 172
  • 242
  • Dynamic port forward works great for something like this, just not in the way the OP is trying to use it. `ProxyCommand /usr/bin/nc -x 127.0.0.1:2222 %h %p` added to the config for hostB would allow `ssh hostB` to work, assuming the dynamic port has already been brought up. –  Apr 11 '17 at 00:46