linux - SSH tunnel through two servers to access a web service on port 9091
2014-07
What I have is a "phone-home" service running at remote1 that connects to LAN1 via:
ssh -N -R 16864:localhost:22 <myuser.on.lan1>@<lan1.ip>
So from the SSH terminal on LAN1 I can easily load a terminal on remote1 by doing:
ssh -l <myuser.on.remote1> -p 16864 localhost
remote1 is running a daemon service with a web panel on port 9091 (Transmission).
So what I want is to connect to this web interface on port 9091 on remote1, through LAN1 (that already has a tunnel open on port 16864), from my local machine.
So probably this:
Local machine browser -> LAN1:16864 -> 22:REMOTE1:9091
I've been trying quite a few different SSL commands based on what I read HERE, HERE, HERE and the original setup is based on THIS.
I've been trying stuff like this; I'm sure I'm close, but I'm pretty lost on what to do:
ssh -t -L8080:localhost:5590 [email protected] ssh -l user -p 16864 localhost -N
But of course, if I'm asking here it's because I'm failing miserably. Any expert to help me out on this one?
Edit:
I don't have any diagrams but I'll explain in a different way:
I have 3 Linux computers:
- REMOTE1: always-on raspPi at a remote location, where I don't have much access to the network configuration
- LAN1: always-on raspPi on my local LAN, where I can set up port forwarding, fixed IP and dynamic DNS without issues
- my PC, from which I want to be able to access web services on REMOTE1
REMOTE1 is doing a "call home" to keep an SSH connection with LAN1 via:
ssh -N -R 16864:localhost:22 <myuser.on.lan1>@<lan1.ip>
And that part is working fine. I use my local machine terminal to SSH to LAN1, then inside the LAN1 machine I type:
ssh -l <myuser.on.remote1> -p 16864 localhost
and I can do terminal stuff on REMOTE1.
Currently I only got a service on 9091 (transmission-daemon) but I'll be installing some other stuff later.
So the question: how do I tunnel from my local machine to access the web service on port 9091 on REMOTE1, going through the tunneled connection on LAN1?
In a simplistic way:
- local machine: ssh 8888 <magic> 1684 <magic> 9091 <magic> -N
- open the browser and type localhost:8888/transmission/web/ and access the transmission-daemon on REMOTE1
First set up so you can ssh from your PC "directly" to remote1:
In your .ssh/config put:
Host remote1
    ProxyCommand ssh -q -l <myuser.on.lan1> lan1 nc -w 600 localhost 16864
Make sure netcat (nc command) is installed on lan1.
You should now be able to ssh from your PC with:
ssh <myuser.on.remote1>@remote1
Once this works, use:
ssh -L8888:localhost:9091 <myuser.on.remote1>@remote1
and you have access to Transmission on remote1:9091 via localhost:8888.
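The two steps of the answer above folded into one client configuration, as an added example that is not part of the original answer. The `Host lan1` block, `ExitOnForwardFailure` and the `ServerAlive*` settings are assumptions; the `<...>` placeholders are the page's own.

```sshconfig
# Added example: ~/.ssh/config on the local PC.

# First hop: the always-on machine on the local LAN.
# Assumption: lan1 is not otherwise resolvable, so it is defined here.
Host lan1
    HostName <lan1.ip>
    User <myuser.on.lan1>

# Second hop: remote1, reached through the reverse tunnel that remote1
# keeps open on lan1 (ssh -N -R 16864:localhost:22 ...).
Host remote1
    User <myuser.on.remote1>
    # Same hop as in the answer: nc on lan1 connects to the reverse-tunnel port.
    ProxyCommand ssh -q lan1 nc -w 600 localhost 16864
    # Local port 8888 -> port 9091 as seen from remote1 (Transmission web panel).
    LocalForward 8888 localhost:9091
    # Assumption: exit with an error if port 8888 cannot be bound locally.
    ExitOnForwardFailure yes
    # Assumption: notice a dead reverse tunnel instead of hanging silently.
    ServerAliveInterval 30
    ServerAliveCountMax 3
```

With this in place, `ssh -N remote1` opens the forward and the panel is at localhost:8888/transmission/web/. The forwarded port listens on the loopback address only by default, so the web panel is not exposed to other hosts on the local network.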
I am trying to connect directly to my work computer (work), which is only available via an outside server (outside).
So, the network path is: home » outside » work
Ideally, this should work:
home$ ssh -f -N -L2222:work.example.com:22 outside.example.com
home$ ssh localhost -p 2222 ## This just hangs
It doesn't, though. I can also replace work.example.com with an entirely different server, with the same result. The steps are correct, because I can use the same logic to connect to the work host's web server:
home$ ssh -f -N -L10080:work.example.com:80 outside.example.com
home$ lynx http://localhost:10080/ ## work's pretty web page is displayed
Also, I can SSH to work if I log into outside first:
home$ ssh outside.example.com
outside$ ssh work.example.com
work$ ## Yay, success!
Finally, this also works in a scenario with different servers involved:
home$ ssh -f -N -L2222:different.example.com:22 another.example.com
home$ ssh localhost -p 2222
different$ ## Success!
So, I guess there's some SSH configuration on outside that stops me from using the direct approach, since this works with different servers.
Home runs OpenBSD 4.6 with OpenSSH_5.3. Outside runs MacOSX 10.7.2 with OpenSSH_5.6p1. Work runs CentOS 6.0 with OpenSSH_5.3p1.
EDIT: The solution glared straight at me as I came to work today. Little Snitch (a firewall) had been blocking my connections, and had cheerfully opened quite a few "Do you want to allow this connection" dialogues. Thanks for the help; I'm granting @golimar the correct answer for this one, since it was a pretty plausible solution.
It's probably the options AllowTcpForwarding and/or GatewayPorts in the sshd_config file on "outside".
If that's the case, your ssh client should say something about it (in a log file or with the verbose option). I saw this in PuTTY on Windows, so I can't tell what the ssh command does...