SSH multiple hops with login


(Ahmed Gawad) #1

Hi,

I need to tunnel data through multiple SSH hops, as follows:

ssh username@target1 -L8059:target3:22

target3 is not directly accessible by target1, so when logged on target I ssh to target2, which has access to target3

target1> ssh target2

This creates the tunnel.

Can this be achieved by SSH tunnel, knowing that target1 and target2 don’t accept tunneling commands?


(Yang.Y) #2

@ahmedgawad you can achieve this by:

  1. Create a Dynamic Port Forwarding (aka. SOCKS proxy) between target1 and target2
  2. Create the tunnel between target1 and target3. Since target3 is not accessible on target1, you should tell the tunnel to use the SOCKS proxy created in step 1 (you can find the proxy option in “Settings…” -> “Connection” tab)

Just make sure the SOCKS proxy is connected before establishing the tunnel.


(Ahmed Gawad) #3

Hi Yang,
Since target 1 doesn’t allow SSH tunneling commands, as I said, I can’t create a dynamic tunnel (ssh -d); I can only do that on the local machine.


(Yang.Y) #4

My bad, it seems you need 3 tunnels in SSH Tunnel:

  1. Tunnel A : create a Dynamic Port Forwarding (aka. SOCKS proxy) between your Mac and target1
  2. Tunnel B : create another Dynamic Port Forwarding (aka. SOCKS proxy) between your Mac and target2, and through the proxy created in Tunnel A
  3. Tunnel C : create the final wanted port forwardings on target3, through the proxy created in Tunnel B

Tunnel A acts as a bridge of Tunnel B which acts as a bridge of Tunnel C.


(Kamil Slowikowski) #5

I had a similar situation, and your advice worked.

I’d like to leave a note here for others who might run into this issue.

The setup:

laptop -> target1 -> target2 -> target3

There is a service running on target3 that is only accessible on target3 via port 8888. I want to expose that service on my laptop.

As you mentioned, we need to create 3 tunnels:

Tunnel A: localhost:9999 -> target1:22
Tunnel B: localhost:9998 -(localhost:9999)-> target2:22
Tunnel C: localhost:8888 -(localhost:9998)-> target3:8888

With these tunnels in place, navigating to localhost:8888 on my laptop should send data to target3:8888 via target2 and target1.

Here are the details you need to set up the tunnels in the SSH Tunnel app:

Tunnel A

SSH Host: target1:22
Port Forwarding: -D 9999

Tunnel B

SSH Host: target2:22
Port Forwarding: -D 9998

Connect through a proxy: Yes
Proxy Type: SOCKS5
Server: localhost:9999

Tunnel C

SSH Host: target3:22
Port Forwarding: -L 8888:localhost:8888

Connect through a proxy: Yes
Proxy Type: SOCKS5
Server: localhost:9998
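
The three tunnels from post #5 expressed with the stock OpenSSH client, as an added example that is not part of the original thread or of the SSH Tunnel app. It assumes OpenBSD `nc` (for `-X 5 -x`) on the laptop, the function names `tunnel_cmd` and `chain` are hypothetical, and it generalizes to any number of hops while only printing the commands:

```shell
#!/bin/sh
# Added example: print the OpenSSH commands equivalent to Tunnels A, B and C.
# Hosts and ports are the ones from post #5; nothing is executed here.
# Each SSH session runs end to end from the laptop to its target, so the
# intermediate hosts only relay ciphertext and every target's host key is
# checked locally. The relaying sshd must still permit TCP forwarding.

# tunnel_cmd FORWARD HOST [SOCKS_PORT]
#   FORWARD     forwarding option, e.g. "-D 9999" or "-L 8888:localhost:8888"
#   HOST        SSH server to log in to
#   SOCKS_PORT  local SOCKS5 port of the previous tunnel (omit for first hop)
tunnel_cmd() {
    forward=$1 host=$2 socks=${3:-}
    # -N: forwarding only, no remote command.
    # ExitOnForwardFailure: abort if the local listener cannot be bound.
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    if [ -n "$socks" ]; then
        # Reach HOST through the previous tunnel's SOCKS5 listener.
        cmd="$cmd -o ProxyCommand='nc -X 5 -x localhost:$socks %h %p'"
    fi
    printf '%s %s %s\n' "$cmd" "$forward" "$host"
}

# chain FINAL_FORWARD FIRST_SOCKS_PORT HOST...
# Every host except the last gets a -D listener; ports count down from
# FIRST_SOCKS_PORT as in post #5 (9999, 9998, ...). The last host gets -L.
chain() {
    final=$1 port=$2
    shift 2
    prev=
    while [ $# -gt 1 ]; do
        tunnel_cmd "-D $port" "$1" "$prev"
        prev=$port
        port=$((port - 1))
        shift
    done
    tunnel_cmd "-L $final" "$1" "$prev"
}

# laptop -> target1 -> target2 -> target3, exposing target3:8888 locally.
chain 8888:localhost:8888 9999 target1 target2 target3
```

Run the printed commands in order, each in its own terminal, and start the next only after the previous one has authenticated. By default `-D` and `-L` listen on the loopback interface only, so the SOCKS ports are not reachable from other machines.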