Thursday, 28 September 2017

SSH over proxy or over multiple hosts

Well, sometimes an evil sysadmin won't let us to live in peace and close all the ports that you need (of course, except the ssh).

Presuming that you already have a host with ssh and Internet access (host1 in the following example) you can use it as a "jump" platform or as SOCKS proxy server to reach a target host (host2 here).

+-----------+<--port 22-->+---------+<--port 2222-->+----------+
|   mybox   |-------------|  host1  |---------------|   host2  |
+-----------+             +---------+               +----------+
localhost:8080            "jump" host                  target

Using as proxy server:
(in this example we have two steps, but you can join those steps in one. Hint:  use && as in command1 && command2 and -f ssh parameter).

mybox:~$ ssh -D 8080 -N -p 22 user@host1
user@host1's password:

Type the password and let this terminal open and open another one.

mybox:~$ ssh -X -p 2222 user2@host2 -o ProxyCommand="/usr/bin/connect -5 -S localhost:8080 %h %p"

Jumping over ssh:
mybox:~$ ssh -t -X -p 22 user@host1 ssh -X -p 2222 user@host2

You may ask yourself "Why not using the second example all the time because is simple and more convenient???". 
Well, the simple answer is that you can not use X11 forwarding (-X parameter) if the host1 had not implemented the X11 forwarding rule in the sshd_config. So, no X11 forwarding in this case.
The first example (proxy), because is a SOCKS tunnel, have no importance if the host1 have or not have the X11 forwarding rule active. As a tunnel, it pass the packets between the two ends of it.

No comments:

Post a Comment