going from A to B

04/10/2006, 16h56

My work requires us to ssh into a certain machine (A) and then we can
ssh to a more normal workstation (B), where B isn't visible past teh
firewall. Is there a way to forward or redirect (whatever the proper
term is) so I can do this in one shot?

04/10/2006, 17h11

Greg Hennessy wrote:

> My work requires us to ssh into a certain machine (A) and then we can
> ssh to a more normal workstation (B), where B isn't visible past teh
> firewall. Is there a way to forward or redirect (whatever the proper
> term is) so I can do this in one shot?

Yes. You can set on the firewall to forward port eg. 2222 to 22 (or
whichever sshd listens on B machine), or you could add the very same
forwarding rule on A to certain port on B.
--
Cezary Morga

04/10/2006, 17h40

On Wed, 04 Oct 2006 15:56:56 +0000, Greg Hennessy wrote:

> My work requires us to ssh into a certain machine (A) and then we can ssh
> to a more normal workstation (B), where B isn't visible past teh firewall.
> Is there a way to forward or redirect (whatever the proper term is) so I
> can do this in one shot?

In case this is the setup that you have in mind:

Machine M1 is in the Internet.

Machine M2 is in the Internet.

Machine M3 is not in the Internet, but it is in some private network
N that M2 is connected to.

M1 can get into M2 via SSH.

M2 can access M3 via SSH in N.

M3 is not directly accessible from M1 (because M3 is not in the
Internet).

M3 is listening for incoming SSH connections at port (say) 222 in
N.

In order to SSH into M3 from M1 we do the following on M1
(assuming that the SSH software used is OpenSSH):

ssh -fngT -L 3022:M3:222 -C M2 ping -i 30 localhost > /dev/null
2>&1

If in M1 we add to .ssh/config the entry

Host M3
HostName localhost
HostKeyAlias M3
User Username on M3
Port 3022

then we can get from M1 to M3 by means of

ssh M3

04/10/2006, 17h40

Greg Hennessy <greg.hennessy@localhost.localdomain> writes:

> My work requires us to ssh into a certain machine (A) and then we can
> ssh to a more normal workstation (B), where B isn't visible past teh
> firewall. Is there a way to forward or redirect (whatever the proper
> term is) so I can do this in one shot?

Probably.

Can you describe (using more description) what you're trying to
accomplish in terms of the network?

Is A a gateway machine? Where are these "more normal" workstations
relative to where you're starting from? What makes them "more
normal" (though that may not be relevant)? And waht do you mean B
isn't visible "past the firewall" - do you mean that machine B isn't
accessible from the Internet? The company intranet?

It's not clear which network zones are all involved yet, but I'm
pretty sure ssh can jump through these hoops using either forward
or reverse port forwarding.

Best Regards,
--
Todd H.
http://www.toddh.net/

04/10/2006, 16h56	#1
Greg Hennessy Messages: n/a Hébergeur:	going from A to B My work requires us to ssh into a certain machine (A) and then we can ssh to a more normal workstation (B), where B isn't visible past teh firewall. Is there a way to forward or redirect (whatever the proper term is) so I can do this in one shot?

04/10/2006, 17h11	#2
Cezary Morga Messages: n/a Hébergeur:	Re: going from A to B Greg Hennessy wrote: > My work requires us to ssh into a certain machine (A) and then we can > ssh to a more normal workstation (B), where B isn't visible past teh > firewall. Is there a way to forward or redirect (whatever the proper > term is) so I can do this in one shot? Yes. You can set on the firewall to forward port eg. 2222 to 22 (or whichever sshd listens on B machine), or you could add the very same forwarding rule on A to certain port on B. -- Cezary Morga

04/10/2006, 17h40	#3
Frank W. Steiner Messages: n/a Hébergeur:	Re: going from A to B On Wed, 04 Oct 2006 15:56:56 +0000, Greg Hennessy wrote: > My work requires us to ssh into a certain machine (A) and then we can ssh > to a more normal workstation (B), where B isn't visible past teh firewall. > Is there a way to forward or redirect (whatever the proper term is) so I > can do this in one shot? In case this is the setup that you have in mind: Machine M1 is in the Internet. Machine M2 is in the Internet. Machine M3 is not in the Internet, but it is in some private network N that M2 is connected to. M1 can get into M2 via SSH. M2 can access M3 via SSH in N. M3 is not directly accessible from M1 (because M3 is not in the Internet). M3 is listening for incoming SSH connections at port (say) 222 in N. In order to SSH into M3 from M1 we do the following on M1 (assuming that the SSH software used is OpenSSH): ssh -fngT -L 3022:M3:222 -C M2 ping -i 30 localhost > /dev/null 2>&1 If in M1 we add to .ssh/config the entry Host M3 HostName localhost HostKeyAlias M3 User Username on M3 Port 3022 then we can get from M1 to M3 by means of ssh M3

04/10/2006, 17h40	#4
Todd H. Messages: n/a Hébergeur:	Re: going from A to B Greg Hennessy <greg.hennessy@localhost.localdomain> writes: > My work requires us to ssh into a certain machine (A) and then we can > ssh to a more normal workstation (B), where B isn't visible past teh > firewall. Is there a way to forward or redirect (whatever the proper > term is) so I can do this in one shot? Probably. Can you describe (using more description) what you're trying to accomplish in terms of the network? Is A a gateway machine? Where are these "more normal" workstations relative to where you're starting from? What makes them "more normal" (though that may not be relevant)? And waht do you mean B isn't visible "past the firewall" - do you mean that machine B isn't accessible from the Internet? The company intranet? It's not clear which network zones are all involved yet, but I'm pretty sure ssh can jump through these hoops using either forward or reverse port forwarding. Best Regards, -- Todd H. http://www.toddh.net/

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email