SSH gateway server


Solution 1

This is not possible in the way you describe, because SSH has no concept of domains and subdomains (the hostname is not part of the protocol, as it is for HTTP). It uses the hostname only to get the IP address, and that (and the port, of course) is what is used. Your concept would only work if you had a list of public IP addresses, which you probably don't have, given that you are asking this question.

This case is commonly solved using a jumpbox server, which you connect to using its public IP and from which you can see the local network (possibly with local DNS names). This requires using, for example:

ssh -t jumpbox ssh anotherhost.localdomain

but it can be simplified using ProxyCommand in client configuration:

Host *.localdomain
  ProxyCommand ssh -W %h:%p jumpbox

And then the connection to the distant node is transparent. When you type

ssh anotherhost.localdomain

it will bring you to the target host over the jumpbox.
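The jumpbox setup from this answer, written out as a fuller configuration for both ends. This is an added example, not part of the original answer. The names gateway.example.com and jumpuser and the key path are placeholders, and ProxyJump needs OpenSSH 7.3 or later on the client.

```sshconfig
# ---- Client side: ~/.ssh/config ----
# gateway.example.com, jumpuser and the key path are placeholders.
Host jumpbox
  HostName gateway.example.com
  User jumpuser
  IdentityFile ~/.ssh/id_ed25519
  IdentitiesOnly yes
  # Keep agent sockets off the gateway; the inner session is end-to-end
  # between client and target, so the gateway never needs your keys.
  ForwardAgent no

Host *.localdomain
  # OpenSSH 7.3+ shorthand for: ProxyCommand ssh -W %h:%p jumpbox
  ProxyJump jumpbox
  ForwardAgent no

# ---- Gateway side: /etc/ssh/sshd_config ----
# Limit the placeholder account "jumpuser" to relaying connections only.
Match User jumpuser
  PasswordAuthentication no
  AuthenticationMethods publickey
  # "local" permits the direct-tcpip channels that -W / ProxyJump open,
  # but no remote (-R) forwards.
  AllowTcpForwarding local
  # Matched literally against the host:port the client requests.
  PermitOpen anotherhost.localdomain:22
  AllowAgentForwarding no
  X11Forwarding no
  PermitTTY no
  # No shell on the gateway, so the "ssh -t jumpbox ssh ..." form stops working.
  ForceCommand /bin/false
```

Run `sshd -t` on the gateway to check the syntax before reloading, and `ssh -G anotherhost.localdomain` on the client to confirm the proxy setting is picked up.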

Solution 2

Below is the command to set up an SSH gateway server:

$ ssh -L 2222:secureserver:22 user@gateway cat -

Enter the password when prompted (but you should really be using public key authentication, anyway). After this, in another terminal, use this to connect to the secure server.

$ ssh -p 2222 user2@localhost

That’s it. You can now use ssh, scp, or any other command to directly talk to the secure server through the gateway. You only need to run the first command once and keep it running in a hidden terminal.

Author by

Lightning77

Updated on September 18, 2022

Comments

  • Lightning77 over 1 year

    Is there any way to set up an SSH gateway server? What I am trying to set up is a way to connect to a specific Linux shell on a LAN remotely from the internet without using port numbers. So, for example, logging in would look like this

    ssh server1.domain.com 
    

    or

    ssh server2.domain.com 
    

    instead of ssh domain.com:(portnumber) and having port forwarding map (portnumber) to port 22 of the server's private IP address

    Each server would have a private IP address and share the public IP.

    Thank You

  • user1686 about 8 years
    The ProxyCommand method is best, because it doesn't expose the plaintext to the jumpbox itself (as the ssh -t method would).
  • Jakuje about 8 years
    @grawity Thanks. That is a good point. But the middle way is easier to understand for users.