Concatenated SSH tunnels - SSH

  1. Concatenated SSH tunnels

    I have three boxes running OpenSSH. Box A is in network 1, box B is in
    networks 1 and 2, and box C is in network 2. I can ssh from A into B with
    no problem, and from B into C with no problem. Under these conditions, I
    can arrange things so that I can ssh into C from A directly - essentially,
    in A I do

    ssh -fngT -L 1022:C:22 -C B ping -i 30 localhost

    and with a judicious choice of names in the .ssh/config file in each box,
    establishing an SSH connection from A to C is just a matter of invoking

    ssh C

    on A.

    My question is, how can this be taken up to the next level? That is, if I
    have four boxes such that A is in network 1, B is in networks 1 and 2, C
    is in networks 2 and 3, and D is in network 3, can one do some OpenSSH
    magic so that accessing D from A by SSH is just a matter of doing

    ssh D

    on A?


  2. Re: Concatenated SSH tunnels

    >>>>> "TC" == Thomas Carter writes:

    TC> I have three boxes running OpenSSH. Box A is in network 1,
    TC> box B is in networks 1 and 2, and box C is in network 2. I can ssh
    TC> from A into B with no problem, and from B into C with no
    TC> problem. Under these conditions, I can arrange things so that I
    TC> can ssh into C from A directly - essentially, in A I do

    TC> ssh -fngT -L 1022:C:22 -C B ping -i 30 localhost

    TC> and with a judicious choice of names in the .ssh/config file in
    TC> each box, establishing an SSH connection from A to C is just a
    TC> matter of invoking

    TC> ssh C

    TC> on A.

    TC> My question is, how can this be taken up to the next
    TC> level? That is, if I have four boxes such that A is in network 1,
    TC> B is in networks 1 and 2, C is in networks 2 and 3, and D is in
    TC> network 3, can one do some OpenSSH magic so that accessing D from
    TC> A by SSH is just a matter of doing

    TC> ssh D

    TC> on A?


    http://groups.google.com/group/comp....bf3b6f7cce4563

    --
    Richard Silverman
    res@qoxp.net


  3. Re: Concatenated SSH tunnels

    On Mon, 10 Apr 2006 21:17:57 -0400, Richard E. Silverman wrote:

    > >>>>> "TC" == Thomas Carter writes:
    >
    > TC> I have three boxes running OpenSSH. Box A is in network 1,
    > TC> box B is in networks 1 and 2, and box C is in network 2. I can ssh
    > TC> from A into B with no problem, and from B into C with no
    > TC> problem. Under these conditions, I can arrange things so that I
    > TC> can ssh into C from A directly - essentially, in A I do
    >
    > TC> ssh -fngT -L 1022:C:22 -C B ping -i 30 localhost
    >
    > TC> and with a judicious choice of names in the .ssh/config file in
    > TC> each box, establishing an SSH connection from A to C is just a
    > TC> matter of invoking
    >
    > TC> ssh C
    >
    > TC> on A.
    >
    > TC> My question is, how can this be taken up to the next
    > TC> level? That is, if I have four boxes such that A is in network 1,
    > TC> B is in networks 1 and 2, C is in networks 2 and 3, and D is in
    > TC> network 3, can one do some OpenSSH magic so that accessing D from
    > TC> A by SSH is just a matter of doing
    >
    > TC> ssh D
    >
    > TC> on A?
    >
    >
    > http://groups.google.com/group/comp....bf3b6f7cce4563


    Thanks for your reply. Thinking about it, I came up with a solution to
    the following:

    1) A in net 1.
    2) B in nets 1 and 2.
    3) C in nets 2 and 3.
    4) D in nets 3 and 4.
    5) E in net 4.
    6) B, C, D and E are listening for SSH connections on port 22.

    In A:

    ssh -fngT -L 1022:C:1022 -C B ping -i 30 localhost

    In C:

    ssh -fngT -L 1022:E:22 -C D ping -i 30 localhost

    With this, executing

    ssh -p 1022 localhost

    in A will create an interactive shell on E.

    This works for me, but I wonder if this requires assumptions that I have
    not made explicit (because I am not aware of them)?
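
Added example, not part of the thread: the five-box layout from the last post (A, B, C, D, E) written as A's ~/.ssh/config with ProxyJump, so that `ssh E` on A works without any listening forward ports on A or C. It assumes OpenSSH 7.3 or later on A, that B, C and D permit TCP forwarding, and that each name resolves on the hop before it; the host names are the thread's own placeholders and `E-tunnel` is a hypothetical alias.

```sshconfig
# ~/.ssh/config on A (constructed example; B, C, D, E are the thread's names)

# B is directly reachable from A on network 1.
Host B
    HostName B

# Each later box is reached through the one before it. When ssh connects
# to a jump host it applies that host's own stanza, so the nested
# ProxyJump lines build the chain A -> B -> C -> D -> E.
Host C
    ProxyJump B

Host D
    ProxyJump C

Host E
    ProxyJump D

# On clients older than 7.3, the equivalent per-host line for E is:
#     ProxyCommand ssh -W %h:%p D

# If the -L tunnels from the post are kept instead, this stanza lets A
# check E's host key under E's own name rather than under "localhost".
# "E-tunnel" is a hypothetical alias; port 1022 is the post's forward port.
Host E-tunnel
    HostName localhost
    Port 1022
    HostKeyAlias E
```

With the ProxyJump stanzas, the session from A to E is encrypted end to end and B, C and D only relay TCP. Authentication to every hop is performed from A, so no private keys need to be stored on the intermediate boxes.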



