SSH "reverse" ProxyCommand

3

1

Normally you have a setup like:

Workstation -> Firewall -> Server

Where your Workstation cannot contact Server directly, but has to log in to Firewall first in order to contact Server. In this "easy" setup you can use this setting on your workstation:

Host server
    ProxyCommand ssh firewall nc %h %p

Now my question:

The setup that was forced upon me is more difficult:

Workstation -> Intermediate <- Server
  • I.e. my Workstation can log in to Intermediate and Server can log in to Intermediate.
  • Intermediate cannot open a TCP connection to Server, but the other direction is possible.
  • I cannot open a TCP connection in either direction between my Workstation and the Server. The packets simply won't be routed in the VLAN.
  • I can "physically" access the Server, but I'd like to sit at my Workstation.

Now, how can I SSH from my machine to the server?

kay - SE is evil

Posted 2014-05-27T13:17:33.310

Reputation: 151

Answers

5

Using ssh tunneling it is fairly easy; first go to your Server machine and run:

ssh -R 2222:localhost:22 intermediateuser@Intermediate

This opens port 2222 on the Intermediate machine, reverse forwarding connections to port 22 on the server.

Then you can

ssh user@Intermediate

and from there

ssh serveruser@localhost -p 2222

Or alternatively, you might bring port 2222 on Intermediate to your workstation with:

ssh -L 2222:localhost:2222 intermediateuser@Intermediate

then:

ssh serveruser@localhost -p 2222

guido

Posted 2014-05-27T13:17:33.310

Reputation: 733
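
The two manual hops in the answer above can be folded into `~/.ssh/config` entries, in the same style as the ProxyCommand in the question. This is an added example, not part of the original posts; the `intermediate-tunnel` alias, the `HostKeyAlias` name and the keepalive values are assumptions chosen for illustration.

```sshconfig
# --- On Server: ~/.ssh/config entry that holds the reverse tunnel from the answer ---
# Start it with:  ssh -N intermediate-tunnel
# ("intermediate-tunnel" is a made-up alias for this example.)
Host intermediate-tunnel
    HostName Intermediate
    User intermediateuser
    # Same forwarding as `ssh -R 2222:localhost:22` in the answer.
    RemoteForward 2222 localhost:22
    # Exit instead of staying connected without the forward if port 2222 is taken.
    ExitOnForwardFailure yes
    # Detect a dead link so a supervisor can restart the tunnel (example values).
    ServerAliveInterval 30
    ServerAliveCountMax 3

# --- On Workstation: ~/.ssh/config ---
Host server
    # The target as seen from Intermediate: the reverse-forwarded port.
    HostName localhost
    Port 2222
    User serveruser
    # Hop through Intermediate, as in the question's "easy" setup.
    ProxyCommand ssh intermediateuser@Intermediate nc %h %p
    # Store Server's host key under its own name rather than "[localhost]:2222",
    # so it is not confused with other tunnels that end on localhost.
    HostKeyAlias server
```

With both entries in place, `ssh server` on the Workstation authenticates directly against Server's sshd, and Intermediate only relays the encrypted stream. Unless `GatewayPorts` is enabled in Intermediate's sshd, the forwarded port 2222 listens on Intermediate's loopback interface only, so it is reachable by local users of Intermediate but not from the network.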