I currently have this situation:
I have three machines. Call them:
- host-client: Windows 7 running the OpenSSH 6.0p1 client under Cygwin
- host-ssh-jump-server: Windows 7 running the OpenSSH 6.0p1 server under Cygwin
- host-server: Debian 8.9 running the OpenSSH 6.7p1 server, and running an http server on port 8080
host-client opens a SOCKS5 proxy as follows:
ssh -D localhost:1080 -N my-username@host-ssh-jump-server
On host-client, the web browser is configured to use a SOCKS5 proxy at localhost:1080.
The user browses to the web server running on host-server from host-client by entering the following URL into the browser:
http://host-server:8080
The problem is that the connection between host-client and host-server is unencrypted on the hop between host-ssh-jump-server and host-server.
At this moment, getting HTTPS running on host-server is not an option. I need a stopgap. I need to extend the SSH tunnel all the way to host-server.
To minimize user disruption, I would like to do this with these constraints:
- Don't change the SOCKS5 proxy they create on host-client.
- Don't change the URL they use to browse to host-server, except possibly for the port number.
- Other (unrelated) applications traverse the SOCKS5 proxy. They must not be disrupted.
- Any new tunnels that would be created would need to have the listening port be bound to localhost for security.
How may I do this, or is it not possible?
Best Answer