[Discuss] SSH port forwarding through middleman (bastion host)

Bill Ricker bill.n1vux at gmail.com
Sat Jun 18 00:39:30 EDT 2016


On Fri, Jun 17, 2016 at 7:04 PM, Greg Rundlett (freephile) <
greg at freephile.com> wrote:

> Yes, the -L xxxx:host:xxxx form is the command-line option syntax.  I put
> the configuration in my .ssh/config file so that I don't have to type out
> the options.


I've been doing exactly this sort of port forwarding to access Docker
containers within a cloud VM, in ~/.ssh/config , as you describe. Allows
tunneling different ports to different ultimate targets through a single
tunnel too.
Use -N -f to put tunnel in background w/o interactive shell on Bastion;
I don't do that in the Config tho since sometimes I want a shell.

There's a second option: *ssh and netcat as a proxy*, which I use when I
may want a shell on the inner box instead of on the outer (meaning leaving
off -N -f options) -- again in ~/.ssh/config :

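Host inner-container-tunnel
   User me
   # nc needs a port as well as a host; %p expands to the target's SSH port (22 unless Port is set)
   ProxyCommand ssh -q bastion_or_host nc -q0 172.1.2.3 %p
   # local port 5432 on this machine is forwarded to pg_container:5432
   LocalForward localhost:5432  pg_container:5432
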
where 172.1.2.3 is the inner container address ... iirc, can be a local
host name if bastion has DNS for the containers, inner hosts etc ...

Even if not doing any shells, this keeps together any connections
eventually-fanning-out to other servers for two hops.

See also ...
http://undeadly.org/cgi?action=article&sid=20070925181947
http://sshmenu.sourceforge.net/articles/transparent-mulithop.html


-- 
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux
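
The two options from the message above, side by side, as an added ~/.ssh/config example that is not part of the original post. The alias bastion-forwards and the target web_container:8080 are hypothetical, and the second stanza uses OpenSSH's built-in ssh -W relay in place of nc.

```sshconfig
# Option 1: the session ends on the bastion, which opens the forwarded
# connections. Start it in the background with:  ssh -N -f bastion-forwards
Host bastion-forwards
   HostName bastion_or_host
   User me
   # Exit with an error if a local port cannot be bound, instead of
   # leaving a session up with no working tunnel.
   ExitOnForwardFailure yes
   # Listen on loopback only so other machines cannot reach the tunnel.
   # Destination names are resolved on the bastion.
   LocalForward localhost:5432 pg_container:5432
   # A second target through the same connection (hypothetical service).
   LocalForward localhost:8080 web_container:8080

# Option 2: the session ends on the inner box; the bastion only relays
# the encrypted stream, and the inner box's host key is checked by the
# client. Leave off -N -f to get a shell on the inner box.
Host inner-container-tunnel
   HostName 172.1.2.3
   User me
   # -W %h:%p asks the bastion's sshd to open the TCP stream to
   # HostName:Port itself, so nc is not needed on the bastion.
   ProxyCommand ssh -q -W %h:%p bastion_or_host
   ExitOnForwardFailure yes
   # Here pg_container is resolved and connected to from the inner box.
   LocalForward localhost:5432 pg_container:5432
```

The forward destination is always opened from wherever the SSH session terminates, so the same LocalForward line reaches pg_container from the bastion in the first stanza and from 172.1.2.3 in the second.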