[Discuss] SSH port forwarding through middleman (bastion host)

Greg Rundlett (freephile) greg at freephile.com
Fri Jun 17 17:38:42 EDT 2016


First an explanation of what I know, and then a question about port
forwarding.

I recently learned how to quickly and effortlessly connect to server C from
my workstation A through middleman B.

USER:   greg          fiddlesticks       grumpy
HOST:   A  ======>    B  ======>         C
LOCUS:  home          bastion            work

(The middleman is a bastion host which is the only point that allows SSH
connections from the outside)

All it takes is
   ssh -t B ssh C

By setting up a private key on acme's bastion host, and copying the public
key to the target web servers, I'm able to now jump through B to get
"directly" to C with
   ssh -t B ssh web1
which is shorthand for
   ssh -i ~/.ssh/id_rsa fiddlesticks@bastion.acme.edu ssh -i /home/fiddlesticks/.ssh/id_rsa grumpy@w905-1.acme.edu


Assuming the following contents are in ~/.ssh/config

Host B
  User fiddlesticks
  HostName bastion.acme.edu
  ServerAliveInterval 10

Host web* C D
  User grumpy
  IdentityFile /home/fiddlesticks/.ssh/id_rsa
  ServerAliveInterval 10

Host web1 C
  HostName w905-1.acme.edu

Host web2 D
  HostName w905-2.acme.edu


I also know that I can use port forwarding so that I can use a graphical
database tool like MySQL Workbench on my local machine to connect to and
manipulate a database on a remote machine.  I love this 'hack'.  A simple
line like the following in the ~/.ssh/config stanza for B on my local
machine is all it takes

    LocalForward 33306 localhost:3306

That would allow me to connect MySQL Workbench to port 33306 locally and
see the database on B

Can I forward twice, so that I can use MySQL Workbench to work on the
database on C?

I'm assuming that if I put
        LocalForward 33306 localhost:33306
locally in the stanza for B

And had a ~/.ssh/config stanza on B for C
        LocalForward 33306 localhost:3306

That I might be able to
        mysql -h 127.0.0.1 -P 33306

and connect to the mysql server on C?


Greg Rundlett
https://eQuality-Tech.com
https://freephile.org
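
Added example, not part of the original post: one way to get the forward to C's database from a single stanza on workstation A, by letting OpenSSH tunnel the session to C through B instead of chaining two LocalForward lines. It reuses the post's placeholder hosts and users, and assumes the key for C is kept on A (so no private key has to sit on the bastion) and that B permits TCP forwarding.

```sshconfig
# ~/.ssh/config on workstation A
# Constructed example; host names and users are the post's placeholders.

Host B
  User fiddlesticks
  HostName bastion.acme.edu
  ServerAliveInterval 10

Host C web1
  User grumpy
  HostName w905-1.acme.edu
  # Open the SSH session to C through B (OpenSSH 7.3 or later).
  ProxyJump B
  # Equivalent for older clients:
  # ProxyCommand ssh -W %h:%p B
  # Assumption: this key lives on A and its public half is in
  # grumpy's authorized_keys on C.
  IdentityFile ~/.ssh/id_rsa
  # Port 33306 on A (loopback only by default) is carried inside the
  # session to C and delivered to port 3306 on C's own localhost.
  LocalForward 33306 localhost:3306
  # Abort rather than connect without the tunnel if 33306 is already in use.
  ExitOnForwardFailure yes
  ServerAliveInterval 10
```

With this in place, `ssh -N C` holds the tunnel open without starting a shell, and a client on A connects with `mysql -h 127.0.0.1 -P 33306`.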


