going from A to B

My work requires us to ssh into a certain machine (A) and then we can
ssh to a more normal workstation (B), where B isn't visible past the
firewall. Is there a way to forward or redirect (whatever the proper
term is) so I can do this in one shot?

Re: going from A to B

Greg Hennessy wrote:


Yes. You can set the firewall to forward a port, e.g. 2222, to 22 (or
whichever port sshd listens on on machine B), or you could add the very
same forwarding rule on A to a certain port on B.
Cezary Morga

Re: going from A to B

On Wed, 04 Oct 2006 15:56:56 +0000, Greg Hennessy wrote:


        In case this is the setup that you have in mind:

        Machine M1 is in the Internet.

        Machine M2 is in the Internet.

        Machine M3 is not in the Internet, but it is in some private
network N that M2 is connected to.

        M1 can get into M2 via SSH.

        M2 can access M3 via SSH in N.

        M3 is not directly accessible from M1 (because M3 is not in the

        M3 is listening for incoming SSH connections at port (say) 222 in

        In order to SSH into M3 from M1 we do the following on M1
(assuming that the SSH software used is OpenSSH):

        ssh -fngT -L 3022:M3:222 -C M2 ping -i 30 localhost > /dev/null

        If in M1 we add to .ssh/config the entry

        Host M3
         HostName localhost
         HostKeyAlias M3
         User Username on M3
         Port 3022

then we can get from M1 to M3 by means of

        ssh M3
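
Added example, not part of the original post: the command above passes -g, which lets hosts other than M1 connect to the forwarded port 3022 and so reach M3's sshd. The script below (hypothetical function names, constructed sample data) shows the same tunnel bound to loopback and a check that lists any non-loopback listener on that port in `ss -ltn` output.

```shell
#!/bin/sh
# Added example, not from the thread. M2, M3 and ports 3022/222 are the
# post's; the function names and the sample data are made up here.

# The post's tunnel with three changes: no -g and an explicit 127.0.0.1 bind
# (only local processes on M1 can use port 3022), -N instead of a remote ping
# loop, and SSH-level keepalives. Defined only; nothing here calls it.
start_tunnel() {
    ssh -f -N -T -C \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -L 127.0.0.1:3022:M3:222 M2
}

# Reads `ss -ltn` output on stdin and prints every non-loopback address that
# is listening on port $1. No output means the forward is local-only.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")   # port = text after the last colon
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (part[n] == port && addr !~ /^(127\.[0-9.]+|\[::1\])$/)
                print addr
        }'
}

# Constructed `ss -ltn` output: what M1 shows when the tunnel runs with -g ...
SAMPLE_WITH_G='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:3022       0.0.0.0:*
LISTEN 0      128    [::]:3022          [::]:*'

# ... and with a loopback-only bind (no -g).
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:3022     0.0.0.0:*
LISTEN 0      128    [::1]:3022         [::]:*'

echo "with -g:";       printf '%s\n' "$SAMPLE_WITH_G"   | exposed_listeners 3022
echo "loopback only:"; printf '%s\n' "$SAMPLE_LOOPBACK" | exposed_listeners 3022
# On a live M1: ss -ltn | exposed_listeners 3022
```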

Re: going from A to B


Can you describe (using more description) what you're trying to
accomplish in terms of the network?

Is A a gateway machine? Where are these "more normal" workstations
relative to where you're starting from? What makes them "more
normal" (though that may not be relevant)? And what do you mean B
isn't visible "past the firewall" - do you mean that machine B isn't
accessible from the Internet? The company intranet?

It's not clear which network zones are all involved yet, but I'm
pretty sure ssh can help jump through these hoops using either forward
or reverse port forwarding.

Best Regards,
Todd H.
http://www.toddh.net/
