Tunneling data over SSH is pretty straight-forward:
ssh -D9999 username@example.com
sets up port 9999 on your localhost as a tunnel to example.com, but I have a more specific need:
- I am working locally on localhost
- host1 is accessible to localhost
- host2 only accepts connections from host1
- I need to create a tunnel from localhost to host2
Effectively, I want to create a "multi-hop" SSH tunnel. How can I do this? Ideally, I'd like to do this without needing to be superuser on any of the machines.
Best Answer
You basically have three possibilities:
1. Tunnel from localhost to host1:
   As noted above, the connection from host1 to host2 will not be secured.
2. Tunnel from localhost to host1 and from host1 to host2:
   This will open a tunnel from localhost to host1 and another tunnel from host1 to host2. However the port 9999 to host2:1234 can be used by anyone on host1. This may or may not be a problem.
3. Tunnel from localhost to host1 and from localhost to host2:
   This will open a tunnel from localhost to host1 through which the SSH service on host2 can be used. Then a second tunnel is opened from localhost to host2 through the first tunnel.
Normally, I'd go with option 1. If the connection from host1 to host2 needs to be secured, go with option 2. Option 3 is mainly useful to access a service on host2 that is only reachable from host2 itself.
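
The three options above written out as ssh command lines, as an added example that is not the answerer's own code. Port 9999 and host2:1234 come from the answer text; the spare local port 9998, sshd on port 22 of host2, the HostKeyAlias setting and the ProxyJump variant (which goes beyond the answer) are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints the ssh command lines for each option; nothing is executed.
# From the answer text: local port 9999 and the service host2:1234.
# Assumed: spare local port 9998, and sshd listening on port 22 of host2.
H1=host1; H2=host2
LPORT=9999; SVC=1234; HOP=9998

# Option 1: single tunnel. Traffic is encrypted between localhost and host1
# only; host1 connects to host2:1234 without SSH protection.
option1() {
    printf 'ssh -N -L %s:%s:%s %s\n' "$LPORT" "$H2" "$SVC" "$H1"
}

# Option 2: chained tunnels. The inner ssh runs on host1 (so host1 must be
# able to authenticate to host2 non-interactively) and listens on host1's
# port 9999, which any local user on host1 can connect to.
option2() {
    printf 'ssh -L %s:localhost:%s %s ssh -N -L %s:localhost:%s %s\n' \
        "$LPORT" "$LPORT" "$H1" "$LPORT" "$SVC" "$H2"
}

# Option 3: tunnel inside a tunnel. The first command exposes host2's sshd on
# a local port; the second logs in to host2 through it, so "localhost:1234"
# is resolved on host2 and host1 only relays ciphertext.
# HostKeyAlias makes ssh verify the key against host2's known_hosts entry
# instead of storing it under "localhost".
option3() {
    printf 'ssh -N -L %s:%s:22 %s\n' "$HOP" "$H2" "$H1"
    printf 'ssh -N -p %s -o HostKeyAlias=%s -L %s:localhost:%s localhost\n' \
        "$HOP" "$H2" "$LPORT" "$SVC"
}

# Same effect as option 3 in one command using ProxyJump (-J), which is
# available in OpenSSH 7.3 and later.
option3_jump() {
    printf 'ssh -N -J %s -L %s:localhost:%s %s\n' "$H1" "$LPORT" "$SVC" "$H2"
}

for f in option1 option2 option3 option3_jump; do
    printf '# %s\n' "$f"
    "$f"
done
```

None of these need superuser rights, since every listening port is above 1023.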