Chaining SSH tunnels?

From: Arnoud (galactus_at_stack.nl)
Date: Sun, 30 Oct 2005 16:50:15 +0000 (UTC)

Let's say I am on a machine called 'local', which is able to connect
to 'middle1'. On 'middle1', I can connect to 'middle2' and from
'middle2' I can reach my destination machine, 'dest'. I would like to
establish a secure connection between 'local' and 'dest' such that
there is no unencrypted traffic anywhere in between. Is this possible
by chaining tunnels?

This is what I tried to use:
local$ ssh -L 2222:middle2:22 middle1
local$ ssh -L 4444:dest:22 localhost -p 2222
local$ ssh localhost -p 4444

This first sets up a secure connection between local:2222 and
middle1, with a port forwarding to middle2's ssh port. Next, the
ssh connection attempt to localhost:2222 is forwarded to middle2:22
so that I can log into there. A new tunnel is now created that
connects localhost:4444 to dest:22.

Finally, I connect to localhost:4444 and am connected to dest at port 22.
As far as dest can tell, I am connecting from middle2 because
that is where the tunnel comes from.

It does seem rather overkill, since there are now three levels
of encryption between local and middle1. Is there a better way?

Arnoud

-- 
Arnoud Engelfriet, Dutch & European patent attorney - Speaking only for myself
Patents, copyright and IPR explained for techies: http://www.iusmentis.com/
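As an added example (not part of the original post or of OpenSSH itself), the chain described above expressed with OpenSSH's ProxyJump option (-J, available since OpenSSH 7.3) instead of three nested -L forwards. The host names local, middle1, middle2 and dest are taken from the post; the helper functions jump_cmd and config_block are hypothetical shell helpers written for this illustration. Each hop-to-hop leg is its own ssh session, so the traffic is still encrypted on every segment, but there is only one ssh process on 'local' and no local listening ports to reuse.

```shell
#!/bin/sh
# Added example: build a single ProxyJump invocation for a chain of hops.
# Host names are the ones from the post; the helpers are hypothetical.

# jump_cmd DEST HOP1 [HOP2 ...]
# Prints the ssh command that reaches DEST through the listed hops, in order.
# "ssh -J middle1,middle2 dest" opens ssh to middle1, tunnels an ssh session
# to middle2 through it, and tunnels the final session to dest through that,
# so each intermediate host only ever relays ciphertext.
jump_cmd() {
    dest=$1
    shift
    hops=""
    for h in "$@"; do
        if [ -z "$hops" ]; then
            hops=$h
        else
            hops="$hops,$h"
        fi
    done
    printf 'ssh -J %s %s\n' "$hops" "$dest"
}

# config_block DEST HOP1 [HOP2 ...]
# Prints an ~/.ssh/config fragment expressing the same chain, so that a
# plain "ssh dest" follows it. Each host entry names only its own next hop
# (middle2 is reached via middle1, dest via middle2), and host keys are
# checked per real host name rather than per reused localhost port.
config_block() {
    dest=$1
    shift
    prev=""
    for h in "$@" "$dest"; do
        printf 'Host %s\n' "$h"
        if [ -n "$prev" ]; then
            printf '    ProxyJump %s\n' "$prev"
        fi
        printf '\n'
        prev=$h
    done
}

# Demonstration with the hosts from the post.
jump_cmd dest middle1 middle2
config_block dest middle1 middle2
```

On OpenSSH releases older than 7.3 the same per-hop relay is written as `ProxyCommand ssh -W %h:%p middle1` in the relevant Host block, which is what ProxyJump expands to internally. One practical difference from the nested -L approach in the post: with the -L chain, known_hosts ends up holding middle2's key under [localhost]:2222 and dest's key under [localhost]:4444, so reusing those port numbers for a different chain later triggers a host-key mismatch; with ProxyJump every key is recorded under the host's real name.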