SSH Tunnel – How to Create an SSH Tunnel via Multiple Hops

sshtunnel

Tunneling data over SSH is pretty straight-forward:

ssh -D9999 username@example.com

sets up port 9999 on your localhost as a tunnel to example.com, but I have a more specific need:

I am working locally on localhost
host1 is accessible to localhost
host2 only accepts connections from host1
I need to create a tunnel from localhost to host2

Effectively, I want to create a "multi-hop" SSH tunnel. How can I do this? Ideally, I'd like to do this without needing to be superuser on any of the machines.

Best Answer

You basically have three possibilities:

Tunnel from localhost to host1:
```
ssh -L 9999:host2:1234 -N host1
```
As noted above, the connection from host1 to host2 will not be secured.
Tunnel from localhost to host1 and from host1 to host2:
```
ssh -L 9999:localhost:9999 host1 ssh -L 9999:localhost:1234 -N host2
```
This will open a tunnel from localhost to host1 and another tunnel from host1 to host2. However the port 9999 to host2:1234 can be used by anyone on host1. This may or may not be a problem.
Tunnel from localhost to host1 and from localhost to host2:
```
ssh -L 9998:host2:22 -N host1
ssh -L 9999:localhost:1234 -N -p 9998 localhost
```
This will open a tunnel from localhost to host1 through which the SSH service on host2 can be used. Then a second tunnel is opened from localhost to host2 through the first tunnel.

Normally, I'd go with option 1. If the connection from host1 to host2 needs to be secured, go with option 2. Option 3 is mainly useful to access a service on host2 that is only reachable from host2 itself.

Best Answer

Related Solutions

GUI to Tunnel VNC Over SSH on Windows

Linux CLI Connect Manager

Related Question