45

My situation:

Me(localhost) -> Server A(ip:100.100.100.100) =>(server B(ip:192.168.25.100),server....)

I'm able to SSH into the server since it has a true IP. If I then want to connect to server B, I would ssh to server B with its IP (192.168.25.100).

Example:

From my PC:

ssh user@100.100.100.100

then in 100.100.100.100,

ssh user@192.168.25.100

This would get me to server B with ssh.

What if I want to connect to server B directly? How can I do that?

Example:

From my PC:

ssh user@192.168.25.100

I have tried the following:

ssh -L 22:localhost:22 user@100.100.100.100

Without success.

tom91136
  • 553

6 Answers

38

You don't have to use ssh port forwarding to ssh into an internal computer through a proxy. You can use the ssh feature of executing a command on the first server you connect to in order to ssh into a 3rd computer.

ssh -t user@100.100.100.100 ssh user@192.168.25.100

The -t option forces ssh to allocate a pseudo-tty so you can run an interactive command.

This can work with ssh keys as well. If you have your private and public key on machine A and your public key in the authorized keys files on machines B and C, then you can use the -A option to forward the authentication agent connection.

Jeff Strunk
  • 2,207
36

Your problem is in binding a listener to localhost:22; there's already an sshd listening on that. Tunnelling an ssh connection through an ssh connection is completely lawful, and I do it all the time, but you need to pick unused ports for your forwarding listeners.

Try

me% ssh user@100.100.100.100 -L 2201:192.168.25.100:22

then

me% ssh localhost -p 2201

You should end up on server B (unless something's already bound to me:2201, in which case, pick another port).

MadHatter
  • 81,580
20

As of OpenSSH 7.3 (late 2016) the easiest way is the ProxyJump setting. In your ~/.ssh/config:

Host B
  ProxyJump A

Or on the command line, -J A.

arantius
  • 329
11

I used a different solution. I used a ProxyCommand option (here in ~/.ssh/config):

Host myinsidehost1 myinsidehost2 myinsidehost3
ProxyCommand ssh externalhost ssh %h sshd -i

This doesn't set up any port-to-port tunnel; instead it tunnels ssh by using standard stdin/stdout. This method has the drawback that there are actually three ssh connections to authenticate. But to connect to the internal host you just type:

ssh myinsidehost2

...so you do not need to care about choosing any IP for that tunnel.

liori
  • 777
8

According to the ssh man page, ProxyCommand is the correct method.

The syntax being:

ProxyCommand ssh -W %h:%p user@jumphost 2> /dev/null

sebix
  • 4,432
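
An added example, not part of any answer on this page: a POSIX shell script that reads an `ssh -V` banner, picks the ProxyJump form (OpenSSH 7.3 and later) or the ProxyCommand -W form, and prints a ~/.ssh/config stanza for the addresses in the question. The function names, the `serverB` alias and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names, the "serverB" alias and the sample banners
# are constructed for illustration.

# supports_proxyjump BANNER
# Succeeds when the `ssh -V` banner reports OpenSSH 7.3 or later,
# the release the ProxyJump answer above names.
supports_proxyjump() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2          # banner not recognised
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 3 ]; }
}

# jump_stanza BANNER JUMP TARGET_ADDR TARGET_USER
# Prints a ~/.ssh/config stanza that reaches TARGET_ADDR through JUMP.
# Both forms tunnel the local client's own SSH session through the jump
# host, so authentication to the target happens from the local machine and
# agent forwarding (-A) is not needed; ForwardAgent is pinned to "no" to
# make that explicit.
jump_stanza() {
    banner=$1 jump=$2 addr=$3 user=$4
    printf 'Host serverB\n  HostName %s\n  User %s\n  ForwardAgent no\n' \
        "$addr" "$user"
    if supports_proxyjump "$banner"; then
        printf '  ProxyJump %s\n' "$jump"
    else
        # Older client or unrecognised banner: stdio forwarding with -W.
        printf '  ProxyCommand ssh -W %s %s\n' '%h:%p' "$jump"
    fi
}

# Demo with constructed banners and the addresses from the question.
# On a real client, pass "$(ssh -V 2>&1)" as the first argument.
jump_stanza 'OpenSSH_8.9p1 Ubuntu-3' user@100.100.100.100 192.168.25.100 user
echo
jump_stanza 'OpenSSH_7.2p2 Ubuntu-4' user@100.100.100.100 192.168.25.100 user
```

With either stanza in ~/.ssh/config, `ssh serverB` from the local machine lands on 192.168.25.100.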
8

While ProxyJump has already been mentioned, it's most useful for static hosts you keep connecting to. If the machines keep changing, it's much easier to use the -J (jump host) command line argument:

Once you know what it's doing, the syntax is pretty straightforward:

ssh -J user1@100.100.100.100 user2@192.168.25.100

The above command establishes a connection to 100.100.100.100 as user1, then from there "jumps" to 192.168.25.100 as user2.