12

Possible Duplicate:
How to configure a shortcut for an SSH connection through a SSH tunnel

I have a situation where I would like to have SSH/SFTP access from my workstation to a server that is not directly accessable from my workstation. I do have ssh access to a computer that is on the network which can then ssh to the server in question.

How can I accomplish this?

Community
  • 1
uprise
  • 137
  • 1
  • 5

9 Answers9

13

Use the ProxyCommand ssh config variable.

Host inaccessible
ProxyCommand ssh accessible nc -w1 %h %p

This post even explains a way to use a generic config so ssh host1/host2 automatically jumps hosts for you.

Update: Fixed the hostnames in the config snippet as per toppledwagon's comment.

jamessan
  • 241
  • 1
  • 5
  • +1, that post for a generic option is very useful. I didn't know that was possible. I can use that to drastically simplify my ssh config file. – Zoredache Dec 04 '09 at 18:13
  • 1
    Actually, that example is backwards. Host inaccessible ProxyCommand ssh accessible "nc %h %p" – toppledwagon Dec 04 '09 at 22:45
5

Use ssh tunnels, of course.

Pablo Santa Cruz
  • 1,084
  • 4
  • 18
  • 24
3

You can also do: ssh -t remotelyaccsbl ssh notremotelyaccsbl

jbroome
  • 121
  • 1
  • Would it be possible to make a shortcut for this via .ssh/config so one could simply use ssh notremotelyaccsbl? – sigjuice Dec 22 '09 at 16:17
1

I think this answer might be what you are looking for:

How to configure a shortcut for an SSH connection through a SSH tunnel

Community
  • 1
smoak
  • 646
  • 2
  • 7
  • 13
1

  1. Open tunnel:

    ssh -qTfnN -D 4040 -C login@remotely-accessible-host

  2. Set up SOCKS5 on localhost with 4040 port in cyberduck

  3. Connect to computer you want access to

    • q - quiet
    • T - without tty
    • f - move to background
    • N - not execute remote commands
    • n - redirect input to /dev/null.
Mad_Dud
  • 268
  • 4
  • 10
1

WinSCP directly supports connection through an ssh tunnel. Perhaps one of the MacOS clients also provide such functionality?

Roy
  • 4,256
  • 4
  • 35
  • 50
0

If SSH tunnels are not available to you (they can be disabled server-side), then could you reverse the FTP connection?

If your local machine can be seen via SSH on a publicly routable IP address and the inaccessible machine can see the outside world then

  1. SSH to remotelyaccessible
  2. from there SSH to notaccessible
  3. from there use the command-line SCP/SFTP clients to pick up files on your local filesystem

This probably isn't something you are going to be able to automate easily though, so if you have tunnels available use that method instead.

David Spillett
  • 22,534
  • 42
  • 66
0

Thanks for all the leads. After playing around with a few options the following setup seems to be the easiest:

  • Downloaded a really nice program call SSHTunnel (highly recommended)
  • Setup my known host in the Servers section of SSHTunnel
  • Setup my desired ports in the Services section
  • Green light shows up letting me know the tunnel is up
  • Use SFTP client (Cyberduck or Fugu) to connect to 127.0.0.1 using the local port set in the Services of SSHTunnel
uprise
  • 137
  • 1
  • 5
0

An alternative solution: port forwarding using socat

On the accessible machine, install socat if it is not already installed, and run it like this:

% socat tcp4-listen:1111,fork tcp4:inaccessible:2222

This is basically a port forward. You connect to accessible machine at port 1111 and it will connects you to port 2222 on inaccessible machine. fork will keep socat spawn new process for each connection.

mefat
  • 391
  • 2
  • 4