Comments on: SSH Tunneling across multiple hosts in Linux http://www.naenius.com/2011/06/ssh-tunneling-across-multiple-hosts-in-linux/ “Development is a state of mind” Sat, 11 Feb 2012 03:39:28 +0000 hourly 1 http://wordpress.org/?v=3.1.3 By: Jeroen van der Laan http://www.naenius.com/2011/06/ssh-tunneling-across-multiple-hosts-in-linux/comment-page-1/#comment-16123 Jeroen van der Laan Fri, 10 Jun 2011 09:47:51 +0000 http://www.naenius.com/?p=477#comment-16123 <p>The is a disadvantage in this approach. You are setting up two tunnels. One from local to A and one from A to B. That means that you would need an (Open)SSH deamon on your server B.</p> <p>However in your situation you say that server B is accessible from Server A meaning that you actually don't need the second tunnel right? Wouldn't it be easier to just tunnel a non-localhost connection through server A? Something like this would probably work.</p> <p>ssh -t -t -L8081:b.server.example.com:80 mvriel@a.server.example.com</p> The is a disadvantage in this approach. You are setting up two tunnels. One from local to A and one from A to B. That means that you would need an (Open)SSH deamon on your server B.

However in your situation you say that server B is accessible from Server A meaning that you actually don’t need the second tunnel right? Wouldn’t it be easier to just tunnel a non-localhost connection through server A? Something like this would probably work.

ssh -t -t -L8081:b.server.example.com:80 mvriel@a.server.example.com

]]> By: Remi Woler http://www.naenius.com/2011/06/ssh-tunneling-across-multiple-hosts-in-linux/comment-page-1/#comment-16121 Remi Woler Fri, 10 Jun 2011 07:50:01 +0000 http://www.naenius.com/?p=477#comment-16121 <p>Accidentily, I learned about this while getting worked in a couple days ago. But I learned a few other tricks as well:</p> <p>add -f, which means that ssh goes into the background after connecting, so you don't have to leave your terminal window open</p> <p>In your example, you tunnel twice for a single host, to get back to port 80. Instead, you can use -D and no tunnel, which will create a SOCKS proxy. Execute the command, configure the proxy in your browser, and you can reach any host that is reachable by Server A. If you need to SSH forward to server B, or anything else that can't use a SOCKS proxy, then you can suffice with a single tunnel (since you don't need to go back to the specific port).</p> <p>~RW</p> Accidentily, I learned about this while getting worked in a couple days ago. But I learned a few other tricks as well:

add -f, which means that ssh goes into the background after connecting, so you don’t have to leave your terminal window open

In your example, you tunnel twice for a single host, to get back to port 80. Instead, you can use -D and no tunnel, which will create a SOCKS proxy. Execute the command, configure the proxy in your browser, and you can reach any host that is reachable by Server A. If you need to SSH forward to server B, or anything else that can’t use a SOCKS proxy, then you can suffice with a single tunnel (since you don’t need to go back to the specific port).

~RW

]]>