LinuxQuestions.org
Old 09-12-2012, 04:38 AM   #1
kubuntu-man
LQ Newbie
 
Registered: Oct 2011
Posts: 27

ssh tunnelling to multiple destinations - how to handle changing server key ?


Hello there,

I need to connect to multiple destination hosts within a remote network through one gateway - preferably at the same time.

So far, I needed only one destination. I did something like:
Code:
ssh -L 2221:host1:22 user@gateway.remotenetwork.de
for opening the tunnel and
Code:
ssh -p 2221 user@localhost
for the login. That worked well.

Now, with three target hosts, I thought I could do something like
Code:
ssh -L 2221:host1:22 -L 2222:host2:22 -L 2223:host3:22 user@gateway.remotenetwork.de
for opening the tunnel and one of
Code:
ssh -p 2221 user@localhost
ssh -p 2222 user@localhost
ssh -p 2223 user@localhost
for the login. But this does not work.

The problem is that host1, host2, host3 have different host keys (and I can not change that), but appear to be the same host to the ssh client due to the @localhost part of the ssh command.

So, to access host1, host2, host3 one after another, I could switch the ~/.ssh/known_hosts file.
But that would be cumbersome and would not allow me to access all three destinations at the same time.

I can not open several ssh connections to the gateway and from there, log in to the three destinations, because login via ssh is not the only thing I need to do. I also need to do scp, sshfs, and ssh-git, therefore I need a tunneled (but direct from the client's point of view) access to all three destination hosts.

Is there a way to make ssh client distinguish these three destinations (by the local port or so)?
Or is there a way to choose a different .ssh directory or known_hosts file for each ssh invocation (without creating multiple users locally)?
Or something else?

Thanks in advance,
Kubuntu-man - now using XFCE :-)
 
Old 09-12-2012, 04:41 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Check out the ProxyCommand for ssh_config, that's a much nicer way to do what you want. Took me years to discover it, big forehead slap when I read about it.
 
Old 09-13-2012, 11:31 AM   #3
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 13.1
Posts: 1,320

You can put something like:
Code:
Host *
    NoHostAuthenticationForLocalhost yes
in the ~/.ssh/config file.
 
Old 09-13-2012, 11:44 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Quote:
Originally Posted by Reuti
You can put something like:
Code:
Host *
    NoHostAuthenticationForLocalhost yes
in the ~/.ssh/config file.
It works, but it's a bit hacky, no?
 
Old 09-13-2012, 12:23 PM   #5
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 13.1
Posts: 1,320

Most of the time I use it to connect to machines which can't be reached directly from the Internet and trust the infrastructure behind the firewall.
 
Old 09-13-2012, 02:03 PM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Sure, but ProxyCommand is even more suitable for that.
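
The option debated in posts #3 to #6 disables host authentication for loopback addresses, which is where every forwarded port ends up, so it is worth knowing where a config switches verification off. The following is an added example, not code from any poster in this thread: a shell function that lists such settings per Host block; the function names and the sample config (including the `lab-*` block) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list ssh_config settings that switch off host key checks.

# Constructed sample config, modelled on the settings discussed in the thread.
sample_config() {
cat <<'EOF'
ServerAliveInterval=120
Host *
    NoHostAuthenticationForLocalhost yes
Host gateway
    HostName gateway.remotenetwork.de
Host host1 host2 host3
    ProxyCommand ssh -q -a -x gateway netcat %h 22
Host lab-*
    StrictHostKeyChecking=no
    UserKnownHostsFile /dev/null
EOF
}

# audit_ssh_hostkey_checks FILE
# Prints "<Host patterns>: <option> <value>" for each setting that disables
# host key verification; settings before the first Host line are "(global)".
audit_ssh_hostkey_checks() {
    awk '
    BEGIN { scope = "(global)" }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next      # blank lines, comments
        # ssh_config accepts "Key value", "Key=value" and "Key = value"
        if (!match(line, /[ \t]*[= \t][ \t]*/)) next
        key = tolower(substr(line, 1, RSTART - 1))
        val = tolower(substr(line, RSTART + RLENGTH))
        sub(/[ \t]+$/, "", val)
        if (key == "host" || key == "match") { scope = val; next }
        off = 0
        if (key == "nohostauthenticationforlocalhost" && val ~ /^(yes|true)$/) off = 1
        if (key == "stricthostkeychecking" && val ~ /^(no|false|off)$/) off = 1
        if (key == "userknownhostsfile" && val == "/dev/null") off = 1
        if (off) printf "%s: %s %s\n", scope, key, val
    }' "$1"
}

# Demo run on the constructed sample.
cfg=$(mktemp) && sample_config > "$cfg"
audit_ssh_hostkey_checks "$cfg"
rm -f "$cfg"
```

Run it against a real file with `audit_ssh_hostkey_checks ~/.ssh/config`; it does not follow `Include` directives or handle quoted values.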
 
Old 09-17-2012, 08:40 AM   #7
kubuntu-man
LQ Newbie
 
Registered: Oct 2011
Posts: 27

Original Poster
Thanks a lot, the ProxyCommand did the job for me too. I needed to search the web for examples to get it working, but now it's fine.

For anyone having the same problem (and finding this thread), here's my ~/.ssh/config:
Code:
Protocol=2
ServerAliveInterval=120

Host gateway
	HostName gateway.remotenetwork.de
	Port 22
	User user

Host host1 host2 host3
	ProxyCommand ssh -q -a -x gateway netcat %h 22
Sometimes, netcat is just nc
 
Old 09-17-2012, 09:52 AM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

I'll add on here something that can be useful at times. On modern versions of bash, you should have access to /dev/tcp. This can be used to not even require netcat:

Code:
ProxyCommand ssh gatewayserver 'exec 3<>/dev/tcp/%h/22; cat <&3 & cat >&3;kill $!'
It's certainly much more confusing than netcat, but it's pure bash, so when you're already in a world of dog legging tcp connections around your environment, not having the right tools to do it is very understandable...
 
1 members found this post helpful.
  

