Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] SSH port forwarding through middleman (bastion host)



First an explanation of what I know, and then a question about port
forwarding.

I recently learned how to quickly and effortlessly connect to server C from
my workstation A through middleman B.

USER:   greg         fiddlesticks         grumpy
HOST:   A    ======> B            ======> C
LOCUS:  home         bastion              work

(The middleman is a bastion host which is the only point that allows SSH
connections from the outside)

All it takes is
   ssh -t B ssh C

By setting up a private key on acme's bastion host, and copying the public
key to the target web servers, I'm able to now jump through B to get
"directly" to C with
   ssh -t B ssh web1
which is shorthand for
   ssh -i ~/.ssh/id_rsa fiddlesticks@bastion.acme.edu ssh -i /home/fiddlesticks/.ssh/id_rsa grumpy@w905-1.acme.edu


Assuming the following contents are in ~/.ssh/config

Host B
  User fiddlesticks
  HostName bastion.acme.edu
  ServerAliveInterval 10

Host web* C D
  User grumpy
  IdentityFile /home/fiddlesticks/.ssh/id_rsa
  ServerAliveInterval 10

Host web1 C
  HostName w905-1.acme.edu

Host web2 D
  HostName w905-2.acme.edu


I also know that I can use port forwarding so that I can use a graphical
database tool like MySQL Workbench on my local machine to connect to and
manipulate a database on a remote machine.  I love this 'hack'.  A simple
line like the following in the ~/.ssh/config stanza for B on my local
machine is all it takes

    LocalForward 33306 localhost:3306

That would allow me to connect MySQL Workbench to port 33306 locally and
see the database on B.

Can I forward twice, so that I can use MySQL Workbench to work on the
database on C?

I'm assuming that if I put
        LocalForward 33306 localhost:33306
locally in the stanza for B

And had a ~/.ssh/config stanza on B for C
        LocalForward 33306 localhost:3306

That I might be able to
        mysql -h 127.0.0.1 -P 33306

and connect to the mysql server on C?


Greg Rundlett
https://eQuality-Tech.com
https://freephile.org
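
Added example, not part of the original message: the two chained forwards asked about above, written out as ssh_config, followed by a single-hop alternative using OpenSSH's ProxyJump (7.3 and later). Host names and ports are the ones from the message; storing the key for C on A in the second variant is an assumption.

```sshconfig
# ---- Variant 1: two chained forwards, as described in the message ----
# File: ~/.ssh/config on A
Host B
  User fiddlesticks
  HostName bastion.acme.edu
  # A:33306 -> B:33306 (B's loopback)
  LocalForward 33306 localhost:33306
  # Fail the login instead of silently running without the tunnel
  ExitOnForwardFailure yes

# File: ~/.ssh/config on B
Host C
  User grumpy
  HostName w905-1.acme.edu
  # B:33306 -> C:3306 (C's loopback)
  LocalForward 33306 localhost:3306
  ExitOnForwardFailure yes

# Use: ssh -t B ssh C
# Then point the client on A at 127.0.0.1 port 33306.
# Caveat: while the session is open, B also listens on 127.0.0.1:33306,
# so any local user on the bastion can reach C's MySQL port through it,
# and the private key for C has to live on B.

# ---- Variant 2: one forward carried through the bastion ----
# File: ~/.ssh/config on A (alternative to variant 1; nothing needed on B)
Host C
  User grumpy
  HostName w905-1.acme.edu
  # B only relays the TCP stream; authentication to C happens from A
  ProxyJump B
  # "localhost" is resolved on C, so this is A:33306 -> C:3306
  LocalForward 33306 localhost:3306
  ExitOnForwardFailure yes

# Use: ssh C
# Assumption: the key accepted for grumpy on C is stored on A (or offered
# by an agent on A), so no private key is kept on the bastion and no
# listener is opened there.
```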



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org