Re: How do I setup a multiple hop tunnel to chain port forwarding?



I got this to work pretty well:

ssh -t -L 5432:127.0.0.1:9991 firewall.example.com \
ssh -t dbserver \
ssh -t -R 9991:127.0.0.1:5432 firewall

Note that I was not able to use -f because the first SSH would
fork before the last SSH asked me for my password.
I found that I had to use -t on all three ssh commands.
It did not seem to work otherwise.
Is there anything I can clean up?

So using this I am able to use psql on my localhost machine
to connect to dbserver (although I have to tell it to use 127.0.0.1
as the host so it will make an IP connection instead of
trying to use a local pipe, "psql -h 127.0.0.1 my_database").
The Postgres server on dbserver allows the
connection without a password because
host-based authentication sees that the connection
originates from dbserver's localhost.

Richard E. Silverman wrote:
> "Noah" == Noah <noah@xxxxxxxx> writes:
>
> The problem is that the second ssh instance does not have a tty, so it
> can't prompt for your password. You can fix this with -t on the first ssh
> instance.

Yes, the -t was the trick. Thanks.

> What you're doing will work, but it's fragile in various respects. I
> would remove the -f from the second ssh; it will fork and then not
> terminate when the first one does, preventing you from running the same
> command again (since that port is now bound).
>
> When you have to go through multiple hops, it's usually better to get an
> end-to-end connection. In this case:
>
> ssh -oproxycommand="ssh -qaxT firewall nc %h %p" -L 5432:localhost:5432 dbserver
>
> If you have a copy of the snail book, section 11.4 (p444) has a discussion
> of these two approaches.

I will check this out. Thanks!

Yours,
Noah
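
Added example, not part of the original post or of either poster's own setup: the end-to-end approach from the quoted reply, written as a ~/.ssh/config fragment using the thread's host names. The ProxyJump alternative, the ExitOnForwardFailure setting and the explicit 127.0.0.1 bind address are assumptions added here, not settings mentioned in the thread.

```sshconfig
# ~/.ssh/config  (added example; "firewall" and "dbserver" are the
# host names used in the thread)

# Hop 1: the firewall host that is reachable from the client.
Host firewall
    HostName firewall.example.com

# Hop 2: one SSH session that runs end to end from the client to
# dbserver, carried through the firewall host.
Host dbserver
    # Same transport as the one-liner in the quoted reply: the inner
    # ssh only pipes bytes to nc on the firewall. -T because this hop
    # needs no tty, -a and -x because it needs no agent or X11
    # forwarding.
    ProxyCommand ssh -qaxT firewall nc %h %p

    # With OpenSSH 7.3 or later the line below can replace the
    # ProxyCommand line and does not need nc on the firewall:
    # ProxyJump firewall

    # Local port 5432 -> port 5432 on dbserver's own loopback, so
    # Postgres still sees the connection as coming from dbserver's
    # localhost. The listener is bound to the client's loopback only.
    LocalForward 127.0.0.1:5432 localhost:5432

    # Exit at startup if local port 5432 is already bound, instead of
    # opening a session that has no tunnel.
    ExitOnForwardFailure yes
```

With this in place, "ssh -N dbserver" opens the tunnel and "psql -h 127.0.0.1 my_database" connects through it; no port such as 9991 has to be opened on the firewall host.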
