Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] SSH port forwarding through middleman (bastion host)



On Fri, Jun 17, 2016 at 7:04 PM, Greg Rundlett (freephile) <
greg at freephile.com> wrote:

> Yes, the -L xxxx:host:xxxx form is the command-line option syntax.  I put
> the configuration in my .ssh/config file so that I don't have to type out
> the options.


I've been doing exactly this sort of port forwarding to access Docker
containers within a cloud VM, in ~/.ssh/config, as you describe. Allows
tunneling different ports to different ultimate targets through a single
tunnel too.
Use -N -f to put tunnel in background w/o interactive shell on Bastion;
I don't do that in the Config tho since sometimes I want a shell.

There's a second option: *ssh and netcat as a proxy*, which I use when I
may want a shell on the inner box instead of on the outer (meaning leaving
off -N -f options) -- again in ~/.ssh/config:

Host inner-container-tunnel
   User me
   # nc needs a port as well as a host; %p is the port ssh is connecting to (22 by default)
   ProxyCommand ssh -q bastion_or_host nc -q0 172.1.2.3 %p
   LocalForward localhost:5432  pg_container:5432

where 172.1.2.3 is the inner container address ... iirc, can be a local
host name if bastion has DNS for the containers, inner hosts etc ...

Even if not doing any shells, this keeps together any connections
eventually-fanning-out to other servers for two hops.

See also ...
http://undeadly.org/cgi?action=article&sid=20070925181947
http://sshmenu.sourceforge.net/articles/transparent-mulithop.html


-- 
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux
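
The two setups described in the message above, written out as ~/.ssh/config stanzas. This is an added example, not part of the original post: bastion.example.com, web_container, the "bastion" and "bastion-tunnels" aliases and the user name are constructed placeholders, and option 2 swaps nc for ssh -W, which assumes OpenSSH 5.4 or later on the client and TCP forwarding permitted on the bastion.

```sshconfig
# Added example; host names, aliases and the user are constructed placeholders.

# Option 1: log in to the bastion and fan several forwards out over that
# one connection. Start it in the background with:  ssh -N -f bastion-tunnels
Host bastion-tunnels
    HostName bastion.example.com
    User me
    # Target names are resolved and connected to by the bastion.
    # The explicit "localhost:" bind keeps each listener off other interfaces.
    LocalForward localhost:5432 pg_container:5432
    LocalForward localhost:8080 web_container:80
    # With -N -f, fail at startup if a listener cannot be bound instead of
    # leaving a backgrounded ssh that forwards nothing.
    ExitOnForwardFailure yes

# Option 2: use the bastion only as a relay to the inner host's sshd, so the
# shell and the forwards terminate on the inner box and the bastion carries
# only the encrypted inner session.
Host bastion
    HostName bastion.example.com
    User me

Host inner-container-tunnel
    HostName 172.1.2.3
    User me
    # "ssh -W host:port" does the job of nc without needing netcat on the
    # bastion; %h and %p expand to the HostName and port of this stanza.
    ProxyCommand ssh -q -W %h:%p bastion
    # Here pg_container is resolved by the inner host, not by the bastion.
    LocalForward localhost:5432 pg_container:5432
    ExitOnForwardFailure yes
```

Leave off -N -f with either alias to get a shell: on the bastion for bastion-tunnels, on the inner box for inner-container-tunnel.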



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org