SSH gateway server
Solution 1
This is not possible in the way you described, because ssh does not use any concept of domains and sub-domains (the hostname is not part of the protocol, as it is for HTTP). It uses hostnames only to get the IP address, and that is what is used (and the port, of course). Your concept would only work if you had a list of public IP addresses, which you probably don't have when you ask this question.
This case is commonly solved using a jumpbox server, where you connect using the public IP and from there you see the local network (with possibly local DNS names). This requires using, for example:
ssh -t jumpbox ssh anotherhost.localdomain
but it can be simplified using ProxyCommand in the client configuration:
Host *.localdomain
    ProxyCommand ssh -W %h:%p jumpbox
And then the connection to the distant node is transparent. When you type
ssh anotherhost.localdomain
it will bring you to the target host over the jumpbox.
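A way to check the `Host *.localdomain` rule from Solution 1 without opening a connection, added here as an example and not part of the original answers: it writes the stanza to a scratch file and asks the OpenSSH client (`ssh -G`) which ProxyCommand it would apply, confirming that internal names go through the jumpbox while the jumpbox itself and outside hosts do not. The jumpbox address 203.0.113.10 and the user `admin` are constructed placeholders.

```shell
#!/bin/sh
# Added example: resolve hosts against a scratch client config with `ssh -G`,
# which prints the effective options for a host and exits without connecting.

# Constructed config: the jumpbox address and user are placeholders.
write_demo_config() {
    cat > "$1" <<'EOF'
Host jumpbox
    HostName 203.0.113.10
    User admin

Host *.localdomain
    ProxyCommand ssh -W %h:%p jumpbox
EOF
}

# Print the ProxyCommand the client would use for host $2 under config $1,
# or "none" when the host would be reached directly.
proxy_for() {
    ssh -G -F "$1" "$2" 2>/dev/null |
        awk '$1 == "proxycommand" { $1 = ""; sub(/^ /, ""); print; found = 1 }
             END { if (!found) print "none" }'
}

# Demo run; skipped when no OpenSSH client is installed.
if command -v ssh >/dev/null 2>&1; then
    cfg=$(mktemp)
    write_demo_config "$cfg"
    # The jumpbox must not match its own rule, or the proxy would recurse.
    for h in anotherhost.localdomain jumpbox example.org; do
        printf '%-26s -> %s\n' "$h" "$(proxy_for "$cfg" "$h")"
    done
    rm -f "$cfg"
fi
```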
Solution 2
Below is the command to set up an SSH gateway server:
$ ssh -L 2222:secureserver:22 user@gateway cat -
Enter the password when prompted (but you should really be using public key authentication, anyway). After this, in another terminal, use this to connect to the secure server.
$ ssh -p 2222 user2@localhost
That’s it. You can now use ssh, scp, or any other command to directly talk to the secure server through the gateway. You only need to run the first command once and keep it running in a hidden terminal.
Lightning77
Updated on September 18, 2022
Comments
-
Lightning77 over 1 year
Is there any way to set up an ssh gateway server? What I am trying to set up is a way to connect to a specific Linux shell on a LAN remotely from the internet without using port numbers. So for example, logging in would look like this
ssh server1.domain.com
or
ssh server2.domain.com
instead of
ssh domain.com:(portnumber)
and having port forwarding map (portnumber) to port 22 of the server's private IP address. Each server would have a private IP address and share the public IP.
Thank You
-
user1686 about 8 years
The ProxyCommand method is best, because it doesn't expose the plaintext to the jumpbox itself (as the ssh -t method would).
-
Jakuje about 8 years
@grawity Thanks. That is a good point. But the middle way is easier to understand for users.