Multihop SSH tunnel to SVN server


I would like to access SVN repository located at server C (port 3690)
from my local computer. Unfortunately the only way I can access server
C from my local computer is to login via SSH to server A, then from
server A to server B and then from B to C.

So in a few words what I want to do is to create an SSH tunnel to C
via A and B:
my computer --- ssh ---> A --- ssh ---> B ------> C

Only server B has access to server C and I have direct access from my
computer only to server A.

At server A and B I have SSH account (no root accounts). And at server
C I have only SVN account (no root account and no SSH account).

I was trying to do that for a few hours but so far I was not able to
succeed:). I would be grateful for any help.


Re: Multihop SSH tunnel to SVN server wrote:

If you have an ssh-connection from my computer to B, it is simple:

my_computer$ ssh -L <lport>:C:<rport> user_b@B

where <lport> is local port and <rport> is remote port. You can use two
ssh-connections for this:

my_computer$ ssh -f -L <ssh-port>:B:22 user_a@A 'sleep 10' ;\
             ssh -p <ssh-port> -L <lport>:C:<rport> user_b@localhost

and then, svn should be available via localhost:<lport>


Re: Multihop SSH tunnel to SVN server


Thanks for the reply. I have tried this but I receive some errors when
I execute the second ssh command:
ssh -p <ssh-port> -L <lport>:C:<rport> user_b@localhost

On my computer I get sth like this:
ssh_exchange_identification: Connection closed by remote host

And on server A console I have:
channel 2: open failed: administratively prohibited: open failed

After googling these messages I suppose that server A does not have
AllowTcpForwarding turned on in sshd_config. I do not have access to
sshd_config so I can't check it for sure and change it. However, I
tried to make other tunnels through server A and they also didn't

Is it possible to check if tcp forwarding is disabled without looking
at sshd_config? And if it is disabled can I do anything to establish a

Re: Multihop SSH tunnel to SVN server wrote:

I am not sure how you do this. In my example above, both commands are
written in one line with a semicolon between the two commands. This
might be important. If you type the first command, then hit return, you
have a connection to A for exactly 10 seconds. That means the second
command has to be typed and sent within 10 seconds. This might be too
short to type this command by hand. If you type both commands in one
line separated by a semicolon, this cannot happen.

And of course, <lport>, <rport> and <ssh-port> are numbers of ports to
use ;)


I would try it again in one line. If that does not work, you could try

my_computer$ ssh -A user_a@a

(-A only if you have public key authentication) and then on A

If telnet connects to C, then port forwarding is allowed. A second way is
more complicated to understand and needs a second program like netcat
(nc) on host A:

You could type on my_computer
(everything written in one line without \):

my_computer$ \
ssh -L <lport>:C:<rport> \
-oProxyCommand="ssh user_a@A nc %h %p" \

but this only works if nc is available on host A. If that works
as expected, you can add the following lines to your ~/.ssh/config

Host Tunnel_to_C
   Hostname B
   LocalForward <lport> C:<rport>
   ProxyCommand = ssh user_a@A nc %h %p
   User user_b

(I hope I did not forget anything, but you can have a look at
man 5 ssh_config, man ssh and man 5 sshd_config)

and then, you can simply type

my_computer$ ssh Tunnel_to_C
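
An added example, not part of the thread or written by its posters: a small shell function that reads the stderr captured from one ssh process and tells the error messages discussed above apart. The function name, verdict words and sample lines are constructed for this illustration; the first two sample lines are the messages quoted earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Reads the stderr of one ssh process
# on stdin and prints a single verdict about its port forward.
classify_forward_stderr() {
    refused=0 unreachable=0 banner=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            # sshd declined to open the forwarding channel at all. Most often
            # policy (AllowTcpForwarding, PermitOpen in sshd_config).
            *"open failed: administratively prohibited"*) refused=1 ;;
            # sshd tried the forward, so forwarding is permitted, but the
            # target host:port did not accept the connection.
            *"open failed: connect failed"*) unreachable=1 ;;
            # Seen by the inner ssh client when the tunnel it connected to
            # was closed before an SSH banner arrived. Newer OpenSSH prints
            # kex_exchange_identification instead of ssh_exchange_identification.
            *"_exchange_identification:"*"Connection closed"*) banner=1 ;;
        esac
    done
    if [ "$refused" -eq 1 ]; then echo channel-refused-by-server
    elif [ "$unreachable" -eq 1 ]; then echo forwarding-ok-target-unreachable
    elif [ "$banner" -eq 1 ]; then echo closed-before-banner-check-outer-session
    else echo no-forwarding-error
    fi
}

# Constructed sample input. The first two lines are the messages quoted in
# the thread; the third is the usual text for a closed target port.
sample_outer_session() {
    printf '%s\n' 'channel 2: open failed: administratively prohibited: open failed'
}
sample_inner_client() {
    printf '%s\n' 'ssh_exchange_identification: Connection closed by remote host'
}
sample_closed_target() {
    printf '%s\n' 'channel 3: open failed: connect failed: Connection refused'
}

for s in sample_outer_session sample_inner_client sample_closed_target; do
    printf '%-22s %s\n' "$s" "$("$s" | classify_forward_stderr)"
done
```

The banner-only verdict is a symptom seen by the second ssh; the cause is reported on the first session's console, so that is the stream to classify.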


Re: Multihop SSH tunnel to SVN server

Wolfgang Meiners wrote:

I just tried that out on my box and it did not work:

$ ssh -L 9022:localhost:22 ubuntu 'sleep 10' ; telnet localhost 9022
telnet: cannot connect to remote host ( Connection refused

$ ssh -fNL 9022:localhost:22 ubuntu
$ telnet localhost 9022
SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1

Protocol mismatch.
Connection closed by foreign host

does work. I had to kill the ssh-process manually after that.

