Multi-hop VNC tunnel over SSH
Is it possible to chain together multiple SSH tunnel hops in a single `ssh -L` command on the client side? I have two gateways I need to get through in order to access a remote host. For a normal SSH client connection, it's simple enough to chain this all together by simply appending the additional SSH connection commands to the first one:
Code:
ssh gateway.1 ssh gateway.2 ssh remote.host
Code:
ssh -L [local-port]:localhost:[remote-port|5900] remote.host && vncviewer localhost:[display]
Code:
ssh -tL 5900:localhost:22 gateway1 ssh -tL 50022:gateway2:22 remote.host 'some.vnc.viewer -localhost -display :0'

Hi,
how about this:
Code:
ssh -X gateway.1 ssh -X gateway.2 ssh -X remote.host

Hi sys64738,
Yes: of course that works. But my question is whether it's possible to tunnel multiple hops and script everything entirely on the client side.

How about that:
Code:
ssh -X user@gateway.1 ssh -X user@gateway.2 ssh -X user@remote.host vncviewer
I hope that is OK?

Hi sys64738,
Quote:
|
OK, back to your ssh statement. If I got it right, you said you got warnings about man-in-the-middle attacks.
If you want to ignore those warnings, add:
Code:
-o 'StrictHostKeyChecking=no'
Code:
ssh -o 'StrictHostKeyChecking=no' -tL 5900:localhost:22 gateway1 ssh -o 'StrictHostKeyChecking=no' -tL 50022:gateway2:22 remote.host 'some.vnc.viewer -localhost -display :0'
BTW, I think you have to tell the 'some.vnc.viewer' on remote.host to use port 50022.

Thanks sys64738. `StrictHostKeyChecking` was the key, though it should not be used on untrusted systems. Note that you don't need to specify the vnc port on the remote host, but you do need to specify a display port:
Code:
ssh -o 'StrictHostKeyChecking=no' -ACtYL 5900:localhost:22 you@gateway1 ssh -o 'StrictHostKeyChecking=no' -ACtYL 50022:localhost:5900 you@gateway2 ssh -ACtY you@remotehost vncviewer localhost:0
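
An added example, not part of the thread: with OpenSSH 7.3 or later, `-J` (ProxyJump) makes every hop from the client in one command, so the `-L` forward ends at the VNC port on the final host and host-key checking can stay on. The helper names `is_port` and `vnc_tunnel_cmd`, the user and host names, and local port 5901 are assumptions.

```shell
#!/bin/sh
# Added example: build one client-side ssh command that crosses any number of
# gateways with ProxyJump (-J) and forwards a local port to the VNC server on
# the final host. Host names and ports are placeholders.

# is_port N -> success if N is an integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# vnc_tunnel_cmd LOCAL_PORT REMOTE_PORT TARGET GATEWAY...
# Prints the command; nothing is executed.
vnc_tunnel_cmd() {
    [ "$#" -ge 4 ] || { echo "usage: vnc_tunnel_cmd LPORT RPORT TARGET GATEWAY..." >&2; return 2; }
    lport=$1 rport=$2 target=$3
    shift 3
    is_port "$lport" && is_port "$rport" || { echo "bad port" >&2; return 2; }
    jumps=
    for gw in "$@"; do
        # -J takes the hops as one comma-separated list, first hop first
        jumps="${jumps:+$jumps,}$gw"
    done
    # -N: no remote command, tunnel only
    # ExitOnForwardFailure=yes: exit rather than run without the forward
    # StrictHostKeyChecking=yes: refuse an unknown or changed key on the
    #   destination; jump hosts take their options from ~/.ssh/config
    # 127.0.0.1: bind the local listener to loopback only
    printf 'ssh -N -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=yes -J %s -L 127.0.0.1:%s:localhost:%s %s\n' \
        "$jumps" "$lport" "$rport" "$target"
}

# Dry run for the thread's topology (two gateways, VNC display :0 = port 5900)
vnc_tunnel_cmd 5901 5900 you@remotehost you@gateway1 you@gateway2
```

Run the printed command in one terminal, then point the viewer at the local end of the tunnel, for example `vncviewer localhost:1` (display :1 is port 5901).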