Re: SSH tunnel question.



I do not think it will work for this. The IBM Blade Center Management
Modules (for an 8677 blade chassis) are what I am trying to connect to
on the far end.

On Fri, 2007-05-25 at 14:33 -0700, Dan_Mitton@xxxxxxxxxxxxx wrote:
Have you thought about using IPsec?



Please respond to lericksen@xxxxxxxxxxxxx
Sent by: listbounce@xxxxxxxxxxxxxxxxx
To: secureshell@xxxxxxxxxxxxxxxxx
cc: (bcc: Dan Mitton/YD/RWDOE)
Subject: SSH tunnel question.

I have a need to securely pass traffic from a corporate Intranet server
to a server on the Extranet and in turn have that pass traffic to a
device on the Extranet/management net.

GIVEN:
D = desktop 14.1.2.189
H = hop box 11.10.10.2
E = Extranet box 10.20.1.5
M = IBM Management module on the management network. 10.30.1.6

A member of my team sneaked in a request that when we are on the CORP
VPN we have access to the Extranet server. I hope this goes away soon,
but I have tested this and it works.

using putty first on the desktop... putty -D 8080 -P 22 -ssh E
I then configure IE to talk to a socks server on 8080 and I am able to
access M on ports (80/443, 1044, 1045, and 5900)

Now what I want to do is go D -> H -> L -> M

What I have tried so far
- I configure a session to ssh from D to H on port 22
- in the tunnels section I select dynamic
- port 8080
- destination is set to H
I save that, make a connection, bring up IE, and run a test; my IP is now
reported as that of H rather than my desktop IP.

After that I go back to putty and for the remote ssh command I have
tried
ssh -D 8080 E
ssh -N -D 8080 E

So far no luck with the double hop or the double SOCKS. I want to avoid
having any extra software installed if at all possible to make this
acceptable to my security group. Is this something that I can do, or
will I have to get creative with the -L option (possibly -R as well as
-g) so that I can move ports < 1025 to those > 1025 so that I can do this
as a non-root user?

Now I am not looking for the complete solution but a little direction to
solve the problem. But if you want to give the solution that is ok as
well. I may also suggest for security we just stop at H and go to M so
that we do not have unrestricted web access on D.

--
Leif







