sftp through other ssh server (proxy like)

1

When I access a server from my local network, I first have to connect to my main server (all ports go to this machine) and when I'm on my main server, I have to connect to my next machine (which is only available from my local network).

Example:

name@mylaptop:~$ ssh name@example.com
[Entering Password]
Logged in
name@mainserver:~$ ssh 192.168.0.1
[Entering password]
Logged in
name@otherserver:~$

What I want to do now is connect with FileZilla to the main server and "proxy" to the "otherserver". How can I tell FileZilla to use a command at the beginning? Or is this even possible?

feedc0de

Posted 2013-09-08T18:52:50.147

Reputation: 113

Answers

3

I know this question was asked a few months ago - but when searching for answers to a similar requirement I had, I found use of OpenSSH's ProxyCommand very helpful.

I have something like the following setup in my local client config file (I in fact needed three hops to get to my target: external server -> router -> target box on private network).

In file ~/.ssh/config

Host myexternalserver
  User username1
  IdentityFile <key file for username1@myexternalserver>
  Hostname myexternalserver.fully.qualified.name

Host myrouter
  Hostname myrouter.fully.qualified.name
  User root
  IdentityFile <key file for root@myrouter>
  ProxyCommand ssh -q myexternalserver nc %h %p

Host mytarget
  Hostname mytarget.private.name
  User username2
  IdentityFile <key file for username2@mytarget>
  ProxyCommand ssh -q myrouter nc %h %p

This chain means I can just type

ssh mytarget

and be sent through the required hops.

All the key files are stored locally so you don't need to put files on external servers. The same config even works for scp:

scp <localfile> mytarget:<remotepath>

A number of alternative approaches to ssh proxying are documented on the following wikibooks page: http://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts

AlexMF

Posted 2013-09-08T18:52:50.147

Reputation: 46
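
Added example, not part of the answer above or of OpenSSH: Python that reads a ProxyCommand-chained config like the one in that answer and lists, in order, every account and machine a connection to a given alias relays through. The sample config is constructed from the answer's layout; the parser assumes literal Host aliases, whitespace-separated options, and no Include or Match blocks.

```python
import shlex

# Constructed sample: the three-hop layout from the answer, key files omitted.
SAMPLE_CONFIG = """\
Host myexternalserver
  User username1
  Hostname myexternalserver.fully.qualified.name
Host myrouter
  Hostname myrouter.fully.qualified.name
  User root
  ProxyCommand ssh -q myexternalserver nc %h %p
Host mytarget
  Hostname mytarget.private.name
  User username2
  ProxyCommand ssh -q myrouter nc %h %p
"""

def parse_hosts(text):
    """Map each literal Host alias to its options (first value wins, as in ssh)."""
    hosts, current = {}, []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "host":
            current = [hosts.setdefault(alias, {}) for alias in value.split()]
        else:
            for opts in current:
                opts.setdefault(key, value)
    return hosts

def next_hop(opts):
    """Alias an 'ssh -q <alias> nc %h %p' ProxyCommand relays through (assumes argument-less flags)."""
    words = shlex.split(opts.get("proxycommand", ""))
    if not words or words[0] != "ssh":
        return None
    return next((w for w in words[1:] if not w.startswith("-") and "%" not in w), None)

def hop_chain(text, target):
    """user@hostname of every machine traversed, entry point first, target last."""
    hosts, chain, seen, alias = parse_hosts(text), [], set(), target
    while alias is not None:
        if alias in seen:
            raise ValueError(f"ProxyCommand loop at {alias}")
        seen.add(alias)
        opts = hosts.get(alias, {})
        chain.append(f"{opts.get('user', '?')}@{opts.get('hostname', alias)}")
        alias = next_hop(opts)
    return chain[::-1]
```

On a real system, `ssh -G mytarget` prints the options OpenSSH itself resolves for an alias, which is the authoritative check for a single hop.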

0

You could set up port forwarding to your internal server.

name@mainserver:~$ sudo iptables -t nat -A PREROUTING -i <outward facing interface> -p tcp --dport 2222 -j DNAT --to-dest <other server's ip>:22

This would route incoming connections on port 2222 on the main server to port 22 on the internal server. Then, you would just connect to example.com on port 2222.

Another option is to use SSH port forwarding.

name@mylaptop:~$ ssh name@example.com -L 2222:<other server's IP>:22

As long as this SSH session is open, port 2222 on your local computer will route to port 22 on the internal server. Then you would connect to localhost on port 2222.

hololeap

Posted 2013-09-08T18:52:50.147

Reputation: 951