Create an SSH tunnel with authentication keys - Syntax


Solution 1

I made it work using the .ssh/config file instead of trying to put all my parameters in my commands. Here are the results if someone needs them:

Host the-gateway
  Hostname GATEWAY_IP
  Port 22
  User ubuntu
  IdentityFile ~/.ssh/keys/GATEWAY_KEY.pem

Host the-tunnel
  Hostname localhost
  Port 1122
  User ubuntu
  IdentityFile ~/.ssh/keys/PRIVATE_SERVER_KEY.pem

And then the 2 commands:

ssh -N -L 1122:SERVER_PRIVATE_IP:22 the-gateway
ssh the-tunnel

Doing it that way, SSH can use my pem keys.

Solution 2

If I understood your question correctly, and you want to ssh to "PrivateServer", then your second ssh call should be:

myMachine $ ssh -i PRIVATE_SERVER_KEY.pem -p 1122 ubuntu@localhost

If not, please clarify in a comment on your question.
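An added example, not code from the question or either answer: a small Python lint for the command pair discussed in this thread. It parses the `-L` argument the way ssh(1) defines it ([bind_address:]port:host:hostport) and flags the two mistakes visible in the question, a user name inside the forward host and a second hop aimed at SERVER_PRIVATE_IP instead of localhost; SERVER_PRIVATE_IP and the ports are the thread's own placeholders, and bracketed IPv6 hosts are not handled.

```python
"""Lint a two-command SSH tunnel (added example, constructed for this thread).

ssh -L takes  [bind_address:]port:host:hostport  (see ssh(1)). The host part
is what the *gateway's* sshd connects to and carries no user name; the user
belongs on the second ssh command, which must target the local listen port.
"""
from dataclasses import dataclass
from typing import List, Optional

LOCAL_NAMES = {"localhost", "127.0.0.1", "::1"}


@dataclass
class Forward:
    bind_address: Optional[str]
    port: int
    host: str
    hostport: int


def parse_local_forward(spec: str) -> Forward:
    """Parse the argument of ssh -L; raises ValueError on malformed input."""
    parts = spec.split(":")  # assumption: no bracketed IPv6 host in the spec
    if len(parts) == 3:
        bind, port, host, hostport = None, *parts
    elif len(parts) == 4:
        bind, port, host, hostport = parts
    else:
        raise ValueError(f"expected [bind_address:]port:host:hostport, got {spec!r}")
    if not (port.isdigit() and hostport.isdigit()):
        raise ValueError(f"ports must be numeric in {spec!r}")
    if not host:
        raise ValueError(f"empty host in {spec!r}")
    return Forward(bind, int(port), host, int(hostport))


def lint_tunnel(forward_spec: str, second_hop_host: str, second_hop_port: int) -> List[str]:
    """Return human-readable problems with an -L forward plus its second hop."""
    try:
        fwd = parse_local_forward(forward_spec)
    except ValueError as exc:
        return [str(exc)]
    problems: List[str] = []
    if "@" in fwd.host:
        # The gateway cannot resolve 'ubuntu@SERVER_PRIVATE_IP' as a host, so the
        # forwarded channel never opens; the client just sees 'open failed'.
        problems.append(f"user name in forward host {fwd.host!r}: -L takes a host only, "
                        "put the user on the second ssh command")
    if second_hop_host not in LOCAL_NAMES:
        problems.append(f"second hop targets {second_hop_host!r}; it must connect to "
                        "localhost, where -L is listening")
    if second_hop_port != fwd.port:
        problems.append(f"second hop uses port {second_hop_port} but -L listens on {fwd.port}")
    return problems
```

Running `lint_tunnel` on the question's original pair reports both mistakes, while the pair from Solution 1 (`1122:SERVER_PRIVATE_IP:22` followed by `ssh -p 1122 ubuntu@localhost`) comes back clean.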

Guilhem Soulas

Updated on September 18, 2022

Comments

  • Guilhem Soulas
    Guilhem Soulas over 1 year

    I have to create an SSH tunnel to connect a deployment server to a VPN:

    DeploymentServer --> Gateway --> PrivateServer

    Each machine uses a key, so I tried the following command:

    myMachine $ ssh -i GATEWAY_KEY.pem -N -L 1122:ubuntu@SERVER_PRIVATE_IP:22 ubuntu@GATEWAY_IP

    And then this one in other terminal window:

    myMachine $ ssh -i PRIVATE_SERVER_KEY.pem -p 1122 ubuntu@SERVER_PRIVATE_IP

    But it doesn't work, I get a timeout error. My port 1122 is open and I can SSH to it. I don't know what I'm doing wrong; is my syntax correct?

    It's my first tunnel so don't laugh at me!


    EDIT 1

    I added -v and fixed the second SSH call.


    First call: myMachine $ ssh -i GATEWAY_KEY.pem -N -L 1122:ubuntu@SERVER_PRIVATE_IP:22 ubuntu@GATEWAY_IP -v

    Response: debug1: Authentication succeeded (publickey).

    Second call: myMachine $ ssh -i PRIVATE_SERVER_KEY.pem -p 1122 ubuntu@localhost -v

    debug1: Reading configuration data /etc/ssh_config
    debug1: /etc/ssh_config line 20: Applying options for *
    debug1: Connecting to localhost [::1] port 1122.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file .ssh/wamapi_staging.pem type -1
    debug1: identity file .ssh/wamapi_staging.pem-cert type -1
    ssh_exchange_identification: Connection closed by remote host
    

    And in the first tab again:

    debug1: Connection to port 1122 forwarding to [email protected] port 22 requested.
    debug1: channel 2: new [direct-tcpip]
    channel 2: open failed: administratively prohibited: open failed
    debug1: channel 2: free: direct-tcpip: listening port 1122 for [email protected] port 22, connect from ::1 port 60341, nchannels 3
    
    • Admin
      Admin almost 11 years
      What are you trying to do? ssh to "PrivateServer"? Or establish a VPN somewhere?!
  • Guilhem Soulas
    Guilhem Soulas almost 11 years
    Thanks, I can wait until tomorrow to see if ubuntu@localhost works for me.
  • Guilhem Soulas
    Guilhem Soulas almost 11 years
    Hi @faker, I tried with ubuntu@localhost and localhost but I have these error messages: ssh_exchange_identification: Connection closed by remote host (second ssh call) and channel 2: open failed: administratively prohibited: open failed (first ssh call).
  • faker
    faker almost 11 years
    Are you able to ssh from the gateway to the private server? In any case, try adding -v to both ssh calls and edit the output into your question.
  • Guilhem Soulas
    Guilhem Soulas almost 11 years
    I edited my initial question. I can SSH the private server from the gateway on port 22 without any problem. Maybe should I use another port here also?
  • faker
    faker almost 11 years
    On the gateway, is AllowTcpForwarding set to no in sshd_config? I'm running out of ideas, it should work like you posted.
  • Guilhem Soulas
    Guilhem Soulas almost 11 years
    Doesn't help :( I customized the sshd_config as follow: GatewayPorts yes, PermitTunnel yes, Port 1122, AllowTcpForwarding yes. But I haven't changed anything on the private server config.
  • Guilhem Soulas
    Guilhem Soulas almost 11 years
    I have some news! I put -vvv to have the maximum level of debug and it's telling me: debug3: Not a RSA1 key file .ssh/PRIVATE_SERVER_KEY.pem. debug2: key_type_from_name: unknown key type '-----BEGIN'
  • Guilhem Soulas
    Guilhem Soulas almost 11 years
    See my answer below. I made it work that way. Thanks.