Multiple jump with multiple keys


(Ramy Sadek) #1

Hello! I'd like help configuring Core Tunnel to make a multi-hop connection using multiple keys. Here's what I'm trying to do:

user@localhost/id_rsa --> user2@jump1/key1.pem --> user3@jump2/key2.pem --> user4@target

But I can't figure this out in the GUI. Any help is greatly appreciated!
Thanks!


(Yang.Y) #2

What's your command line? I can help you translate to Core Tunnel configuration.


(Ramy Sadek) #3

I don’t have a command line version. One of the reasons I bought Core Tunnel was to avoid figuring out the command line way to do this :laughing:


(Yang.Y) #4

Firstly, you have to enable Core Helper:

Then edit your ~/.ssh/config and add these lines to it:

Host localhost
    IdentityFile ~/.ssh/id_rsa

Host jump1
    IdentityFile ~/.ssh/key1.pem

Host jump2
    IdentityFile ~/.ssh/key2.pem

Next, create a tunnel with the host pointing to target and log in with user4. In the Connection tab, set the Proxy Jump option to:

user@localhost,user2@jump1,user3@jump2

The directives configured in ~/.ssh/config would be applied to the jump hosts accordingly. You can find more directives here:

https://man.openbsd.org/ssh_config.5

Feel free to comment if you need assistance.


(Ramy Sadek) #5

Thanks for your help!
I'm still struggling to get this to work properly. My current process is this:

ssh to each host and create tunnel via a command like:
ssh -N -i key.pem -L localhost:8887:localhost:8889 user1@host1

So I have a chain of tunnels like:
local <--tunnel1--> host2 <--tunnel2--> host3 <--tunnel3--> targetHost

However, when I try to create either a direct tunnel with jump hosts, or reproduce this tunnel chain in Core Tunnel, it doesn't quite work. Core Tunnel shows the connections succeeded; however, the forwarding does not work and I cannot connect to the server on targetHost.

Any thoughts or suggestions? Is there a way I can get additional debug info for you?


(Yang.Y) #6

Could you please set Log Level to Debug3:

And then post your log contents?


(Ramy Sadek) #7

Sure, here is the log output:

CoreTunnelLog.txt (32.0 KB)


(Yang.Y) #8

Thanks for the log. It seems your tunnel does not have port forwarding items; please follow this link to add port forwarding:


(Ramy Sadek) #9

Thanks!
I'm still having trouble though as I'm confused about which connections are remote vs local, etc. and there seem to be multiple ways to connect.

I've tried several approaches. Here is a screenshot from an all-in-one attempt

Is this what you have in mind, or do you suggest a different method? This connection succeeds but forwarding does not appear to work, I'm not sure why.


(Yang.Y) #10

Could you please say more about your purpose, for example, which port you'd like to be used to forward to what host? The clearer your description of the purpose, the more likely I could guide you step by step.
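
An added example, not part of the thread and not Core Tunnel's own configuration: a shell helper that renders a plain OpenSSH client config for the jump chain from post #4 together with the 8887 to 8889 forward from post #5. It assumes the service listens on the target's loopback port 8889 and that the target accepts one of the default identities; the function names and the chain.conf file name are made up for this example.

```shell
#!/usr/bin/env bash
# Added example: render an ssh_config for jump1 -> jump2 -> target.
# Users, hosts and key names are the thread's; ports come from post #5.
# With ProxyJump every hop is authenticated by the local client, so all
# IdentityFile paths are local and no private key is copied to a jump host.

# emit_host ALIAS USER KEY [JUMP_ALIAS]
emit_host() {
  printf 'Host %s\n' "$1"
  printf '    User %s\n' "$2"
  # An empty KEY leaves ssh on its default identities for that host.
  if [ -n "$3" ]; then
    printf '    IdentityFile %s\n' "$3"
    # Offer only the configured key to this hop, not every loaded key.
    printf '    IdentitiesOnly yes\n'
  fi
  if [ -n "${4:-}" ]; then printf '    ProxyJump %s\n' "$4"; fi
}

render_chain_config() {
  emit_host jump1 user2 '~/.ssh/key1.pem'
  echo
  emit_host jump2 user3 '~/.ssh/key2.pem' jump1
  echo
  # Assumption: the thread names no key for user4@target.
  emit_host target user4 '' jump2
  # Local 127.0.0.1:8887 is carried to 127.0.0.1:8889 as seen from target.
  printf '    LocalForward 127.0.0.1:8887 127.0.0.1:8889\n'
  # Abort instead of reporting success when the local port cannot be bound.
  printf '    ExitOnForwardFailure yes\n'
}

# check_config FILE: print the options ssh resolves for "target" without
# opening any connection (ssh -G only evaluates the configuration).
check_config() {
  ssh -F "$1" -G target |
    grep -Ei '^(user|proxyjump|identityfile|identitiesonly|localforward) '
}

# Usage (typed by hand, not run by this file):
#   render_chain_config > chain.conf
#   check_config chain.conf
#   ssh -F chain.conf -N target
```

A single `ssh -N target` with this config replaces the three chained tunnels, and `ssh -vvv` gives the same level of detail as the Debug3 log level requested in post #6.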