Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] SSH port forwarding through middleman (bastion host)



First an explanation of what I know, and then a question about port
forwarding.

I recently learned how to quickly and effortlessly connect to server C from
my workstation A through middleman B.

USER:   greg         fiddlesticks        grumpy
HOST:    A  ======>       B   ======>      C
LOCUS:  home           bastion            work

(The middleman is a bastion host which is the only point that allows SSH
connections from the outside.)

All it takes is
   ssh -t B ssh C

By setting up a private key on acme's bastion host, and copying the public
key to the target web servers, I'm able to now jump through B to get
"directly" to C with
   ssh -t B ssh web1
which is shorthand for
   ssh -i ~/.ssh/id_rsa fiddlesticks@bastion.acme.edu ssh -i /home/fiddlesticks/.ssh/id_rsa grumpy@w905-1.acme.edu


Assuming the following contents are in ~/.ssh/config

Host B
  User fiddlesticks
  HostName bastion.acme.edu
  ServerAliveInterval 10

Host web* C D
  User grumpy
  IdentityFile /home/fiddlesticks/.ssh/id_rsa
  ServerAliveInterval 10

Host web1 C
  HostName w905-1.acme.edu

Host web2 D
  HostName w905-2.acme.edu


I also know that I can use port forwarding so that I can use a graphical
database tool like MySQL Workbench on my local machine to connect to and
manipulate a database on a remote machine.  I love this 'hack'.  A simple
line like the following in the ~/.ssh/config stanza for B on my local
machine is all it takes:

    LocalForward 33306 localhost:3306

That would allow me to connect MySQL Workbench to port 33306 locally and
see the database on B.

Can I forward twice, so that I can use MySQL Workbench to work on the
database on C?

I'm assuming that if I put
        LocalForward 33306 localhost:33306
locally in the stanza for B

And had a ~/.ssh/config stanza on B for C
        LocalForward 33306 localhost:3306

That I might be able to
        mysql -h 127.0.0.1 -P 33306

and connect to the mysql server on C?


Greg Rundlett
https://eQuality-Tech.com
https://freephile.org
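
One way to reach the MySQL server on C from A with a single forward, as an added example that is not part of the original post: it uses ProxyJump instead of two chained LocalForward lines. It assumes OpenSSH 7.3 or later on A, that the key C accepts for grumpy is available on A, and that sshd on B permits TCP forwarding.

```sshconfig
# ~/.ssh/config on A (the workstation). Added example; host and user
# names are taken from the post, everything else is an assumption.

Host B
  User fiddlesticks
  HostName bastion.acme.edu
  ServerAliveInterval 10

Host C web1
  User grumpy
  HostName w905-1.acme.edu
  # Assumption: this path is on A. With ProxyJump the login to C is
  # performed from A, so no private key for C has to be stored on B.
  IdentityFile ~/.ssh/id_rsa
  # Carry the A-to-C SSH session through B. B relays the encrypted
  # stream and never sees the forwarded MySQL traffic in the clear.
  ProxyJump B
  # Listen on A's loopback port 33306 and deliver to port 3306 as
  # resolved on C ("localhost" here means C, not A or B).
  LocalForward 33306 localhost:3306
  # Abort the connection if port 33306 on A cannot be bound, rather
  # than continuing without the tunnel.
  ExitOnForwardFailure yes
  ServerAliveInterval 10

# Usage on A:
#   ssh -N C                      # hold the tunnel open without a remote shell
#   mysql -h 127.0.0.1 -P 33306   # -P sets the port; -p asks for a password
#
# Compared with chaining two forwards (A:33306 -> B:33306 -> C:3306),
# nothing listens on B here. In the chained setup the intermediate
# listener on B's loopback is reachable by every local user on B.
```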



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
