linux – SSH tunnel on SSH tunnel between Windows and two Linux machines

linuxsshtunnelingwindows

I have the following configuration and want to establish a tunnel on a tunnel.
I read already the following topic:
How to put a tunnel in a tunnel?

My configuration:

Notebook --> Linux Server A --> Linux Server B

Notebook: Windows XP with putty
Linux Server A and B: Ubuntu 10.10

I have a ssh connection with a tunnel from my notebook via putty to Server A.
Now I want to establish a tunnel from Server A to B, so that I can connect with an IDE directly to my jboss on Server B.

This is the command I tried on Server A to establish a tunnel:

ssh -t -L 8080:localhost:8080 Server B -p 8822

This won't work.

Anybody an idea how to establish a working tunnel?

Best Answer

What you're looking for is called "ssh multi-hop". It is quite possible to do this transparently, using the ProxyCommand directive in .ssh/config (or an equivalent config option in PuTTY, or what-have-you):

Host linux-server-b
  ProxyCommand ssh -q linux-server-a nc -q0 linux-server-b 22

What this does, when you try to connect to linux-server-b:

opens a SSH connection to linux-server-a
runs netcat there, and opens a TCP connection to linux-server-b
forwards this connection back to you

This way, you can use all the features of SSH, as if you were connected to linux-server-b directly; you can even chain multiple hops together (server A to server B to server C to server D ...)

Related Solutions

Ssh – Remote SSH Tunnel not working with certificates

The -v option will gives you more information on the client side.

plink.exe -v -R *:62050:127.0.0.1:9000 user@host -i ./np.ppk
Looking up host "host"
Connecting to 135.x.x.x port 22
Server version: SSH-2.0-OpenSSH_5.1
Using SSH protocol version 2
We claim version: SSH-2.0-PuTTY_Release_0.63
...
Opened main channel
Requesting remote port *:62050 forward to 127.0.0.1:9000
Remote port forwarding from *:62050 enabled              <---<<<
Allocated pty (ospeed 38400bps, ispeed 38400bps)
Started a shell/command
...

If you didn't manage to find the answer with plink verbose mode. Open sshd in debug mode on another port (or ask the root administrator to do that).
No need to stop the regular sshd deamon.

# /usr/sbin/sshd -dd -p  2222
debug2: load_server_config: filename /opt/ssh/etc/sshd_config
debug2: load_server_config: done config len = 514
debug2: parse_server_config: config /opt/ssh/etc/sshd_config len 514
debug1: Config token is port
debug1: Config token is protocol
debug1: Config token is hostkey
debug1: Config token is hostkey
....

Then connect to that sshd instance with plink option -P

plink.exe -v -P 2222 -R *:62050:127.0.0.1:9000 user@host -i ./np.ppk

You will have the debug information of both end.

EDIT

The solution is in man sshd at the "AUTHORIZED_KEYS FILE FORMAT" chapter.

It is likely that the no-port-forwarding option has been associated to your key but that no global option has been set.

 no-port-forwarding
         Forbids TCP forwarding when this key is used for authentication.  Any port forward requests by the client will return
         an error.  This might be used, e.g. in connection with the command option.

You should have access to your home ~/.ssh/authorized_keys , edit the file and remove that option.

Sometimes the authorized_keys are centralized in a protected directory in that case you will not be able to change it.

Best Answer

Related Solutions

Ssh – Remote SSH Tunnel not working with certificates

EDIT

Related Question