[SOLVED] Ssh connection with proxy computer

jiteshpandey · 05-09-2019, 04:06 AM

My main system is connected locally through lan with other computer where I place backup files, while my laptop and main are having connection with each other through wifi hotspot. I have various files to copy to and fro from one system to other (as and when needed) which is on backup computer. To reach to backup computer I have ssh to main computer and then to backup computer and then to the file I want which consumes lot of time. I want to directly reach to the backup computer from my laptop. I have attached the file to explain my scenario. Thank You

Turbocapitalist · 05-09-2019, 05:05 AM

It's not clear which one in your description is A, B, or C in the diagram. However, if you can SSH from B to C then you can also SSH from A to C via B. Recent versions of the OpenSSH client support the ProxyJump (-J) option.

Code:

ssh -J userB@B userC@C

See "man ssh" and scroll down to ProxyJump for the details. If you have a really old version, then there are other methods but upgrading would be best.

jiteshpandey · 05-09-2019, 05:18 AM

The main system is B, the backup system is C and the third system which is laptop is system C. Further I would like to do it using ip forwarding as ssh -j option is not available.

Turbocapitalist · 05-09-2019, 05:32 AM

If you would like to forward packets, then look to iptables and I'll leave that for someone else here.

However, the quick way with SSH would be to use the ProxyCommand option if you cannot upgrade your instance of the OpenSSH client:

Code:

ssh -o ProxyCommand='ssh -W %h:%p userB@B' userC@C

The ssh -W %h:%p part is verbatim. Again, see "man ssh" but this time scroll down to the paragraph on ProxyCommand.

Once you have that worked out it can be added to the client's configuration file so it happens automatically for that one host.

jiteshpandey · 05-09-2019, 05:50 AM

That's good @Turbocapitalist but can I ping with this command, forgive if it's out of topic.

Turbocapitalist · 05-09-2019, 05:53 AM

You won't be able to ping C from A no matter what. If you looking for a way to check on C from A you can still use SSH, though there is a bit of overhead. It'd be better to ping C directly from B and then have a way to report to or from A.

jiteshpandey · 05-09-2019, 06:38 AM

But I can ping and ssh from C to A directly but not from other side, that is what killing me.

Turbocapitalist · 05-09-2019, 06:46 AM

Then you appear to have some routing set up already on B. Check the output from iptables-save on B and pay attention to each of the tables, especially if there is a nat table active or if the FORWARD chain is in use in the main table. However, others will have more experience with iptables and can provide better pointers.