2
1
What I have is the same as this question SSH tunnel through two servers to access a web service on port 9091 (mainly because I asked that question).
But the difference now is that I'm accessing it from a Chromebook which cannot use ProxyCommand
. All it got is the base NaCl shell running in a sandboxed Chrome tab.
This is the "shell app" that runs it: https://chrome.google.com/webstore/detail/secure-shell/pnhechapfaindjhompbnflcldabbghjo?utm_source=chrome-app-launcher-info-dialog
This is the FAQ with complete information about it. https://chromium.googlesource.com/apps/libapps/+/master/nassh/doc/faq.txt
So a review from my previous question:
I got 3 machines:
remotePi
(raspberry PI, somewhere in the world)localPi
(another raspberry PI, in my local network, I have full access to it, including root, no monitor, no kb, running as headless server)Chromebook
(my local machine, which is a Chromebook on the same local network aslocalPi
, limited but does have the SSH as per links above).
remotePi
have a constant SSH tunnel to localPi
, it does it by calling the following command
ssh -N -R 16864:localhost:22 -p 2222 <user_on_lan>@<external_lan_ip>
I can access remotePi
terminal by doing
Chromebook> ssh <user_on_localPi>@<localPI_ip>
localPi> ssh -l <user_on_remotePi> -p 16846 localhost
And in remotePi
I have a daemon service (web interface) listening on 9091
.
a "drawing" of everything:
16864:tunnel:22 9091:service
Chromebook <--local_net--> localPi <--internet--> remotePi
So what I need is:
Access the daemon service web interface in remotePi by calling on my
Chromebook
browser127.0.0.1:9091/web/
On my previous computer (shown on the linked question, ubuntu laptop) I was doing it by using ProxyCommand
on my config and calling ssh -L9091:localhost:9091 user_on_remotePi@remotePi -N
, but now I'm on a Chromebook that can't use it and I believe there must be a way to do it anyway.
So I was wondering about 2 possible solutions:
some very clever and long SSH command that will "replace" what the
ProxyCommand
was doing. I always see this on tutorials like that LINK but it always relies on host name, I only have the port16864
to connect to.(preferred) add some magic to the
localPi
SSH config which will make it listen on some non-standard port (say2222
) and auto-redirect that connection touser_on_remotePi:localhost:16864
. So then, when I call from Chromebookssh user_on_localPI -p 2222 localPi_ip
, then thelocalPi
will redirect this to the correct user directly on remotePi.
As you can noticed I'm a bit of a network newbie, my main expertise in app development, so any help here I'll be extremely grateful.
Any ideas?
1Looks a bit complex for me and i'm not that familiar with ProxyCommand, but you say you have REMOTE, LAN, PC.. So is Chromebook the PC? – barlop – 2015-06-27T16:25:41.130
Yes. Chromebook is PC. Sorry, I'll edit to clarify in the question. And ProxyCommand was only useful when I was using an Ubuntu
PC
, now with the chromebook, that's not an option. – Budius – 2015-06-27T16:26:26.4601You could call them Pi and CB rather than calling one LAN and one PC. Both are computers and each is behind the same LAN. – barlop – 2015-06-27T16:30:01.500
1so chromebook does it have ssh.exe? sshd.exe? – barlop – 2015-06-27T16:30:35.290
LAN
is a raspberry PI without monitor, keyboard or mouse connected to it. So it's essentially a headless server. It's just the shell available on the CHromebook, the question includes the link to it, but I'll also add now the official FAQ with all details available about it. – Budius – 2015-06-27T16:32:21.7701so call it HeadlessPi don't call it LAN. It's not a LAN it's a computer on a LAN. So you have HeadlessPi, RemotePi, ChromeBook. And HeadlessPi and ChromeBook are behind the same LAN. – barlop – 2015-06-27T16:32:57.007
1The NAT Router at your external LAN IP presumably port forwards to an SSH server on your headless raspberry pi on some port other than port 22, what port is that? i.e. what port does the headless pi's ssh server run on? – barlop – 2015-06-27T16:36:48.543
hi @barlop, I was not sure what to call them when writing the question. Edited to Chromebook, localPi and remotePi, much clear now, good suggestion. Yes the NAT router redirects from external 2222 to localPi:22, but from my understand that is completely transparent for the setup and all necessary to complete the puzzle is the constant connection on localPI:16864 – Budius – 2015-06-27T16:45:52.527
1
Let us continue this discussion in chat.
– barlop – 2015-06-27T16:46:43.773