I am attempting a multi-hop SSH tunnel that needs to route traffic in both directions. My network config is:
My personal shell is on machineA
machineA can SSH into machineB
machineB can SSH into machineC
machineC is locally connected via ethernet to machineD
There is a service running on machineD wherein machineC sends UDP packets to machineD's portX, and machineD sends its replies via UDP to machineC's portY.
I have successfully done the following:
(from machineA)
ssh machineB
(from resulting shell)
ssh machineC
(from resulting shell)
echo "my command" | nc -u machineD portX #Send command to machineD's service
nc -ul portY #Read the results on machineC's port
I would like to do all of this via tunnels, so that I can run custom scripts directly on machine A to formulate service commands and parse the results. I tried the following in my .ssh config file:
host machineB
hostname x.x.x.x
user username_machineB
localforward 1234 machineC:22
host machineC
hostname localhost
user username_machineC
port 1234
localforward 1235 machineD:portX
remoteforward 1236 localhost:portY
I thought I could then do the following:
(from machineA)
ssh machineB
(from machineA again)
ssh machineC
(from machineA again)
echo "my command" | nc -u localhost 1235
nc -ul 1236
But...it doesn't seem to work. I don't see any of the expected replies on 1236. I'm not exactly sure how to debug this. I'm also not entirely sure of the format of those "localforward" and "remoteforward" lines on machineC's configuration. I don't know who will be interpreted as "localhost" when evaluating those lines. I suspect that remoteforwarding might be disabled on machineC, but I want to make sure I have configured everything else correctly first. Am I Doing It Wrong?
Alternatively, is there another way to achieve my end goal without having to change any configuration on machineB, C, or D? What I would like to do is use machineA to programmatically construct complex commands intended for machineD, and parse the results using scripts on machineA as well.
You have to think backwards when you are doing this.
So basically machC can talk to machD's portX.
So you really want to run this on machA:
ssh machC
This is your end goal, since that machine sends and receives from machD.
Now, you cannot get to machC directly; this is where your ProxyCommand entries come in.
host machC
ProxyCommand ssh machB nc %h %p
So you said machA can ssh to machB, no problem. Now if you do:
ssh -v machC
You'll see it hop through those things. But really you want a port forwarding and listener from machC to the ports on machD so you change the machC settings:
host machC
ProxyCommand ssh machB nc %h %p
# first part is port on your current shell, second part is relative to machC
LocalForward 1234 machD:portX
RemoteForward 1235 localhost:portY
So using your example above:
host machineB
hostname x.x.x.x
user username_machineB
host machineC
ProxyCommand ssh machineB nc %h %p
hostname machineC # name of machineC as reached from machineB; %h in ProxyCommand expands to this
user username_machineC
localforward 1235 machineD:portX
remoteforward 1236 localhost:portY
Then you can use command:
ssh machineC
Use -v to see the hops and tunnels, and -N if you don't care about getting a shell. Now you can talk to your localhost's port 1235 to send to machineD portX and read from 1236 to listen to machineC portY.
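The asker's open question is who interprets "localhost" in those forward lines. The rule, which is the same for the command-line -L/-R flags: a LocalForward opens the listening socket on the ssh client (machineA here) and the destination host:port is resolved by the ssh server (machineC); a RemoteForward opens the listening socket on the ssh server (machineC) and the destination is resolved by the client (machineA), so "localhost" in a RemoteForward means machineA's own loopback. Both kinds of forward carry TCP connections only, so packets sent with nc -u do not traverse them. The following script is an added example, not code from the thread: it parses an ssh_config fragment modelled on the answer's final version (with hostname pointed at machineC so that %h in the ProxyCommand is meaningful), expands the ProxyCommand tokens the way ssh does, and reports each forward from the point of view of the machine that listens and the machine that resolves the target. The client name machineA and the config text are assumptions constructed for the example.

```python
"""Parse an ssh_config fragment and explain each port forward from every
machine's point of view. Added example; not code from the original thread."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the answer's final config. hostname is set to
# machineC (as reached from machineB) so that %h in ProxyCommand expands to it.
SAMPLE_CONFIG = """
host machineB
    hostname x.x.x.x
    user username_machineB
host machineC
    ProxyCommand ssh machineB nc %h %p
    hostname machineC
    user username_machineC
    localforward 1235 machineD:portX
    remoteforward 1236 localhost:portY
"""


@dataclass
class Forward:
    kind: str         # "LocalForward" or "RemoteForward"
    listener: str     # machine that opens the listening TCP socket
    listen_port: str
    resolver: str     # machine whose view of the network resolves the target
    target: str       # "host:port" exactly as written in the config
    note: str         # human-readable explanation


def parse_ssh_config(text):
    """Return {host_pattern: [(keyword_lower, value), ...]} in file order.
    Keywords are case-insensitive; 'key value' and 'key=value' are both valid."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            current = hosts.setdefault(value, [])
        elif current is not None:
            current.append((key, value))
    return hosts


def expand_tokens(command, hostname, port):
    """Expand the %h and %p tokens of a ProxyCommand the way ssh does."""
    return command.replace("%%", "\0").replace("%h", hostname).replace("%p", port).replace("\0", "%")


def describe_hop(hosts, host):
    """Effective hostname, port and expanded ProxyCommand for one Host block."""
    opts = {}
    for key, value in hosts.get(host, []):
        opts.setdefault(key, value)   # ssh keeps the first value it sees per option
    hostname = opts.get("hostname", host)
    port = opts.get("port", "22")
    proxy = opts.get("proxycommand")
    return {"hostname": hostname, "port": port,
            "proxy": expand_tokens(proxy, hostname, port) if proxy else None}


def explain_forwards(hosts, host, client="machineA"):
    """Describe every LocalForward/RemoteForward of `host`. All of them carry TCP."""
    out = []
    for key, value in hosts.get(host, []):
        if key not in ("localforward", "remoteforward"):
            continue
        listen_port, target = value.split(None, 1)
        if key == "localforward":
            # listener on the client; target resolved by the server
            note = f"TCP connections to {client}:{listen_port} go to {target} as seen from {host}"
            out.append(Forward("LocalForward", client, listen_port, host, target, note))
        else:
            # listener on the server; target resolved by the client
            note = f"TCP connections to {host}:{listen_port} go to {target} as seen from {client}"
            if target.rsplit(":", 1)[0] in ("localhost", "127.0.0.1", "::1"):
                note += f" (that is {client}'s own loopback, not {host}'s)"
            out.append(Forward("RemoteForward", host, listen_port, client, target, note))
    return out


if __name__ == "__main__":
    cfg = parse_ssh_config(SAMPLE_CONFIG)
    print("machineC hop:", describe_hop(cfg, "machineC"))
    for fwd in explain_forwards(cfg, "machineC"):
        print(f"{fwd.kind}: {fwd.note}")
```

Running it against the sample prints the expanded ProxyCommand (ssh machineB nc machineC 22) and one line per forward; the RemoteForward line is flagged because its localhost target is machineA's loopback, which is a useful check before assuming a forward points where the config author thought it did.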