In addition, it has a feature called SSH tunnelling (or SSH port forwarding). Intermediate tunnels should either not exist or point to the next ssh entry point (that's the -W's usage here). SSH is a widely used protocol for system administration and file transfer. Tunnel ends should always be kept on the client host if possible, where there's full control. Trying to involve the intermediate host in participating with the port forwarding is insecure or can clash (other users of foo can access the tunnel or use the same port), and prone to errors.

There are still two ssh running: the hidden one is the one as ProxyCommand parameter still running on the local host doing the link using a pair of pipes with the main ssh, instead of an extra tcp port. Unfortunately ProxyJump is available only starting from openssh 7.3. But it's easily replaced with the ProxyCommand/ -W combo you were using before. Or the equivalent (only) configuration: Host bar

What you'd really need wouldn't be RemoteCommand but ProxyJump, really simplifying your configuration, with goal reached only with:

ssh -L 33389:rdp:3389 -J foo bar

Term1$ ssh foo # or use ssh -f -N -o ExitOnForwardFailure=yes foo for background task

Passing remote commands is not a valid answer, though. First, with your kind of setting, what would work, requiring anyway two ssh: Host foo

Tweaking the ssh_config(5) files on the local machine and foo are allowed. Goal is to use ssh bar to connect to bar and at the same time make rdp:3389 available on the local machine as localhost:33389. Since ProxyCommand establishes the connection to foo and I am giving a LocalForward for the connection to bar, I'd expect this to work. On the jump host I see nothing listening on any port containing 3389. While sudo lsof -i|grep 3389 on the local machine gives me:

ssh 15271 accden 6u IPv6 7933201 0t0 TCP localhost:33389 (LISTEN)

In fact it works in that I end up on the shell prompt of bar, but the port forwarding doesn't work at all.
The idea being that on the local machine I will simply invoke ssh bar. Here's the attempt that seems to come closest to what I want to achieve. But as mentioned before, I am using an older (packaged) version of OpenSSH without support for the RemoteCommand stanza. which should roughly translate to the ssh invocation shown above. With RemoteCommand as introduced in OpenSSH 7.6 this seems to be rather trivial: Host bar

Or, provided that Host bar is configured on foo to go through localhost:10022 of foo:

ssh -L 33389:localhost:33389 foo ssh -t -L 33389:rdp:3389 bar

But of course this is plenty to type and it would be neater to be able to put this all into the configuration file and simply type ssh bar on the local machine. While a shell alias would be one way of going about this, I was wondering if there's a way to keep everything inside the ssh_config(5) used by my client, using ProxyCommand?

A rough equivalent of the above PuTTY configuration is this:

ssh -L 33389:localhost:33389 foo ssh -t -L 33389:rdp:3389 -p 10022 localhost

The PuTTY configuration works like a charm, but it relies on a remote command to be executed. ssh/config to connect to localhost:10022 and thereby end up on bar via the jump host.