linux - SSH tunnel through two servers to access a web service on port 9091

2014-07-08
  • Budius

    What I have is a "phone-home" service running at remote1 that connects to LAN1 via:

    ssh -N -R 16864:localhost:22 <myuser.on.lan1>@<lan1.ip>
    

    So from the SSH terminal on LAN1 I can easily load a terminal on remote1 by doing:

    ssh -l <myuser.on.remote1> -p 16864 localhost
    

    remote1 is running a daemon service with a web panel on port 9091 (Transmission).

    So what I want is to connect to this web interface on port 9091 on remote1, through LAN1 (which already has a tunnel open on port 16864), from my local machine.

    So probably this:

    Local machine browser -> LAN1:16864 -> 22:REMOTE1:9091
    

    I've been trying quite a few different SSH commands based on what I read HERE, HERE and HERE, and the original setup is based on THIS.

    I've been trying stuff like this; I'm sure I'm close, but I'm pretty lost on what to do:

    ssh -t -L8080:localhost:5590 [email protected] ssh -l user -p 16864 localhost -N
    

    but of course, if I'm asking here it's because I'm failing miserably. Any expert to help me out on this one?

    Edit:

    I don't have any diagrams but I'll explain in a different way:

    I have 3 Linux computers:

    • REMOTE1: an always-on raspPi at a remote location, where I don't have much access to the network configuration
    • LAN1: an always-on raspPi on my local LAN, where I can set up port forwarding, a fixed IP and dynamic DNS without issues.
    • my PC, from which I want to be able to access web services on REMOTE1

    REMOTE1 is doing a "call home" to keep an SSH connection with LAN1 via:

    ssh -N -R 16864:localhost:22 <myuser.on.lan1>@<lan1.ip>
    

    and that part is working fine. I use my local machine's terminal to SSH to LAN1, then inside the LAN1 machine I type:

    ssh -l <myuser.on.remote1> -p 16864 localhost
    

    and I can do terminal stuff on REMOTE1.

    Currently I only have a service on 9091 (transmission-daemon), but I'll be installing some other stuff later.

    So the question: how do I tunnel from my local machine to the web service on port 9091 on REMOTE1, going through the tunnelled connection on LAN1?

    In a simplistic way:

    • local machine: ssh 8888 <magic> 1684 <magic> 9091 <magic> -N
    • open the browser, type localhost:8888/transmission/web/ and access the transmission-daemon on REMOTE1
  • Answers
  • AlexKing

    First set up so you can ssh from your PC "directly" to remote1:

    In your .ssh/config put:

    Host remote1
      Proxycommand ssh -q -l <myuser.on.lan1> lan1 nc -w 600 localhost 16864
    

    Make sure netcat (nc command) is installed on lan1.

    You should now be able to ssh from your PC with:

    ssh <myuser.on.remote1>@remote1
    

    Once this works, use:

    ssh -L8888:localhost:9091 <myuser.on.remote1>@remote1
    

    and you have access to Transmission on remote1:9091 via localhost:8888.
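    As an added example (not part of AlexKing's answer), the following Python parser reads an ssh_config like the one above, follows the ProxyCommand to find the jump host, and returns the hop chain from your PC to remote1, so you can see where each hop terminates before opening the tunnel. The sample config is constructed; it keeps the page's lan1/remote1 names and uses OpenSSH's built-in `ssh -W %h:%p` in place of `nc`, which removes the netcat dependency on lan1.

```python
import shlex
# Constructed sample, modelled on the answer above; `ssh -W %h:%p` is OpenSSH's
# built-in stand-in for the nc ProxyCommand, and the LocalForward carries the
# Transmission panel on remote1:9091 to localhost:8888 on your PC.
SAMPLE_CONFIG = """Host lan1
    HostName <lan1.ip>
    User <myuser.on.lan1>
Host remote1
    HostName localhost
    Port 16864
    User <myuser.on.remote1>
    ProxyCommand ssh -q -W %h:%p lan1
    LocalForward 8888 localhost:9091
"""
SSH_OPTS_WITH_ARG = set("bcDeEFiIJlLmoOpQRSwW")  # ssh(1) options taking a value

def parse_ssh_config(text):
    """Map each Host alias to {keyword: value} (lowercase keys, first value wins)."""
    hosts, block = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        key = key.lower()
        if key == "host":
            block = hosts.setdefault(value, {})
        elif block is not None:  # options before any Host line are ignored here
            block.setdefault(key, value)
    return hosts

def proxy_target(command):
    """Destination of an `ssh ...` ProxyCommand: its first non-option word."""
    words = shlex.split(command)
    i = 1 if words[:1] == ["ssh"] else len(words)
    while i < len(words):
        word = words[i]
        if word.startswith("-") and len(word) > 1:
            # `-l user` consumes the next word; `-q`, `-qN` or `-p16864` do not.
            i += 2 if len(word) == 2 and word[1] in SSH_OPTS_WITH_ARG else 1
        else:
            return word.rpartition("@")[2]  # drop any user@ prefix

def hop_chain(hosts, alias):
    """Hosts traversed from your PC to `alias`, outermost jump first."""
    chain = [alias]
    nxt = proxy_target(hosts.get(alias, {}).get("proxycommand", ""))
    while nxt and nxt not in chain:  # stop on a missing or looping ProxyCommand
        chain.insert(0, nxt)
        nxt = proxy_target(hosts.get(nxt, {}).get("proxycommand", ""))
    return chain
```

    `proxy_target` also understands the `nc` form from the answer, since the remote command after the destination is simply never reached.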


  • Related Question

    networking - Which SSH config option stops me from SSH'ing through a SSH tunnel?
  • neu242

    I am trying to connect directly to my work computer (work), which is only available via an outside server (outside).

    So, the network path is: home » outside » work

    Ideally, this should work:

    home$ ssh -f -N -L2222:work.example.com:22 outside.example.com
    home$ ssh localhost -p 2222  ## This just hangs
    

    It doesn't, though. I can also replace work.example.com with an entirely different server, with the same result. The steps are correct, because I can use the same logic to connect to the work host's web server:

    home$ ssh -f -N -L10080:work.example.com:80 outside.example.com
    home$ lynx http://localhost:10080/  ## work's pretty web page is displayed 
    

    Also, I can SSH to work if I log into outside first:

    home$ ssh outside.example.com
    outside$ ssh work.example.com
    work$  ## Yay, success!
    

    Finally, this also works in a scenario with different servers involved:

    home$ ssh -f -N -L2222:different.example.com:22 another.example.com
    home$ ssh localhost -p 2222
    different$  ## Success!
    

    So, I guess there's some SSH configuration on outside that stops me from using the direct approach, since this works with different servers.

    Home runs OpenBSD 4.6 with OpenSSH_5.3. Outside runs MacOSX 10.7.2 with OpenSSH_5.6p1. Work runs CentOS 6.0 with OpenSSH_5.3p1.

    EDIT: The solution glared straight at me as I came to work today. Little Snitch (a firewall) had been blocking my connections, and had cheerfully opened quite a few "Do you want to allow this connection" dialogues. Thanks for the help; I'm granting @golimar the correct answer for this one, since it was a pretty plausible solution.


  • Related Answers
  • golimar

    It's probably the options AllowTcpForwarding and/or GatewayPorts in the sshd_config file on "outside".

    If that's the case, your ssh client should say something about it (in a log file or with the verbose option). I saw this in PuTTY on Windows, so I can't tell what the ssh command does...
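    To check this on the server side, here is an added example (not from golimar's answer) that reads an sshd_config and reports the effective AllowTcpForwarding and GatewayPorts policy, honouring sshd's first-value-wins rule and its Match blocks. The sample config and the account name tunneluser are constructed.

```python
# Constructed sample: forwarding disabled globally, re-enabled (-L only) for one
# account. The second AllowTcpForwarding line is ignored: sshd keeps the first.
SAMPLE_SSHD_CONFIG = """Port 22
AllowTcpForwarding no
AllowTcpForwarding yes
GatewayPorts no
Match User tunneluser
    AllowTcpForwarding local
"""
# Values sshd_config(5) applies when the keyword is absent.
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no"}

def effective_settings(text):
    """Per-block forwarding policy: {"*": global, "<Match criteria>": effective}."""
    blocks, current = {"*": {}}, "*"
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        key, value = key.lower(), value.strip()
        if key == "match":
            current = value                  # e.g. "User tunneluser"
            blocks.setdefault(current, {})
        elif key in DEFAULTS:
            blocks[current].setdefault(key, value.lower())  # first value wins
    glob = {**DEFAULTS, **blocks["*"]}
    return {name: {**glob, **vals} for name, vals in blocks.items()}  # Match inherits

def can_forward(policy, direction):
    """True if `direction` ('local' for -L, 'remote' for -R) is permitted."""
    return policy["allowtcpforwarding"] in ("yes", "all", direction)

def report(policy):
    """Human-readable summary of what a client may do through this sshd."""
    lines = []
    for flag, direction in (("-L", "local"), ("-R", "remote")):
        ok = can_forward(policy, direction)
        lines.append(f"{flag} tunnels: " + ("allowed" if ok else
                     "denied (client logs 'open failed: administratively prohibited')"))
    gw = policy["gatewayports"]
    lines.append("-R listeners bind to " + ("all interfaces" if gw == "yes" else
                 "loopback only" if gw == "no" else "the address the client asks for"))
    return lines

if __name__ == "__main__":
    for name, policy in effective_settings(SAMPLE_SSHD_CONFIG).items():
        print(f"[{name}]", *report(policy), sep="\n  ")
```

    GatewayPorts no is also why a reverse forward such as the `-R 16864:localhost:22` in the first question listens on lan1's loopback only, so the next hop must target localhost:16864 from lan1 itself.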