LinuxQuestions.org
Old 01-30-2018, 10:52 PM   #1
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,373

Rep: Reputation: 135
ssh multihop tunneling


Hi,

There are 4 machines as follows:

Machine A - Remote Exadata DB machine
Machine B - Remote machine from which only I can connect to port 1521 of Machine A
Machine C - Local Machine (to run SQL Developer; can't connect to MachineA directly, but can connect to MachineB via bastion MachineD)
Machine D - Bastion server through which tunneling works from MachineC to MachineB

Machine C can access service running in Machine B only using SSH tunnelling.

e.g. ssh -L 12345:MachineB:7001 MachineD

Is there any way I can access the Exadata DB (port 1521) of MachineA using SQL Developer running on MachineC through an ssh tunnel?

Last edited by divyashree; 01-31-2018 at 03:56 AM.
 
Old 01-31-2018, 12:21 AM   #2
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,373

Original Poster
Rep: Reputation: 135
I am trying this way:

Quote:
ssh MachineD -L 15219:MachineB:15220 -L 15220:MachineA:1521
But it's not working.
 
Old 01-31-2018, 02:47 AM   #3
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,168
Blog Entries: 3

Rep: Reputation: 2061
Which version of OpenSSH do you have for your initial client? If it is a recent version, then you can use the -J option along with the tunnel and just add a -J for each intermediate host. If you have an older version, then trickery is needed.
 
Old 01-31-2018, 03:05 AM   #4
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,373

Original Poster
Rep: Reputation: 135
Quote:
Originally Posted by Turbocapitalist
Which version of OpenSSH do you have for your initial client? If it is a recent version, then you can use the -J option along with the tunnel and just add a -J for each intermediate host. If you have an older version, then trickery is needed.
-J is not required as the proxy is configured and login is happening through the ssh key by default.
 
Old 01-31-2018, 03:16 AM   #5
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,168
Blog Entries: 3

Rep: Reputation: 2061
Code:
Machine A
   |
Machine B 
   |
Machine C 
   |
Machine D ----- Machine E
I would try the following then from your client Machine E:

Code:
ssh -J machineD -J machineC -L 1520:machineA:1521 machineB
 
Old 01-31-2018, 03:32 AM   #6
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,373

Original Poster
Rep: Reputation: 135
So I am trying this way now from my MachineC, ssh is complaining multiple -J is not allowed.

Quote:
ssh -J MachineD -L 15220:MachineA:1521 MachineB
and while accessing the service with port 15220, I am getting IO Error: Network Adapter Could Not Establish Connection

Last edited by divyashree; 01-31-2018 at 03:33 AM.
 
Old 01-31-2018, 03:40 AM   #7
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,168
Blog Entries: 3

Rep: Reputation: 2061
What about from Machine E, the client you are starting from? If you are doing multi-hop then the sensible way is to do it all at once.
 
Old 01-31-2018, 03:55 AM   #8
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,373

Original Poster
Rep: Reputation: 135
Quote:
Originally Posted by Turbocapitalist
What about from Machine E, the client you are starting from? If you are doing multi-hop then the sensible way is to do it all at once.
There is no MachineE; MachineC is the local machine from where I am running the ssh client.
 
Old 01-31-2018, 04:17 AM   #9
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,168
Blog Entries: 3

Rep: Reputation: 2061
Please draw an ASCII art network diagram to clarify what is where.
 
Old 01-31-2018, 05:39 AM   #10
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,373

Original Poster
Rep: Reputation: 135
Code:
MachineA (DB Service with 1521)
     |
MachineB (Can access DB service locally)
     |
MachineD (Bastion Server)
     |
MachineC (Local Machine with ssh client)
This is the network diagram.
 
Old 01-31-2018, 06:48 AM   #11
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 5,276

Rep: Reputation: 1919
Quote:
ssh is complaining multiple -J is not allowed.
The OpenSSH Cookbook gives this example
Quote:
Multiple jump hosts can be chained in the same way.
ssh -J user1@jumphost1.example.org:22,user2...t2.example.org:2222 fred@192.168.5.38
 
Old 01-31-2018, 07:45 AM   #12
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 21,952

Rep: Reputation: 5814
Quote:
Originally Posted by divyashree
Code:
MachineA (DB Service with 1521)
     |
MachineB (Can access DB service locally)
     |
MachineD (Bastion Server)
     |
MachineC (Local Machine with ssh client)
This is the network diagram.
Kind of confused with this thread; you're an RHCE, who's been a member here and has been working with Linux and SSH for ELEVEN YEARS...and you need help with a basic SSH command? allend looked up the page from the OpenSSH cookbook, and there are myriad examples you could find online. See the "Question Guidelines" link in my posting signature; doing basic research should be the first thing you do.

And an RHCE with eleven years' experience should easily be able to (at the very least) put a small script into their .bashrc/.profile file on Machine D to ask "Would you like to connect to Machine B?", with a Y/N answer.
 
Old 01-31-2018, 07:50 AM   #13
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,168
Blog Entries: 3

Rep: Reputation: 2061
Quote:
Originally Posted by TB0ne
Kind of confused with this thread; you're an RHCE, ...
It only reinforces what I have come to think of certification in general.

ProxyJump (-J) turned up in OpenSSH 7.3 which is hopefully available in the backports repository. If this is for Red Hat, make use of that support contract. Otherwise, ProxyCommand will be needed and that is a fiddle.
 
Old 01-31-2018, 08:26 AM   #14
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 21,952

Rep: Reputation: 5814
Quote:
Originally Posted by Turbocapitalist
It only reinforces what I have come to think of certification in general.
Totally agree, and that's why I've had that opinion about 'certifications' for a long time. Which is kind of sad, honestly, since I'm positive there are lots of hard working folks who have real knowledge and have EARNED those certificates, but far too many others claim them, and don't have the skills.
Quote:
ProxyJump (-J) turned up in OpenSSH 7.3 which is hopefully available in the backports repository. If this is for Red Hat, make use of that support contract. Otherwise, ProxyCommand will be needed and that is a fiddle.
Yep; or sidestep it with a simple script to ask if you want to go to another machine or not, and swap your SSH keys. After that, pressing "y" shouldn't be too arduous.
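
The chain discussed in posts #11 and #13, as an added example that is not part of the original thread: a shell helper that builds the tunnel command for the asker's diagram, joins several jump hosts into one comma-separated -J, and falls back to ProxyCommand with -W for a single bastion on clients older than OpenSSH 7.3. The function names and the version banner passed in at the end are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Host names follow the asker's diagram;
# the function names are hypothetical.

# Succeeds if an `ssh -V` banner reports OpenSSH >= 7.3 (first release with -J).
supports_proxyjump() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1
    major=${ver% *} minor=${ver#* }
    [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 3 ]; }
}

# build_tunnel BANNER LOCAL_PORT TARGET_HOST:PORT DEST [JUMP...]
# Prints the ssh command; returns 2 when the chain cannot be expressed.
build_tunnel() {
    banner=$1 lport=$2 target=$3 dest=$4
    shift 4
    # Bind the listener to loopback only and abort if the forward cannot be
    # set up. TARGET is resolved and connected from DEST, not from this host.
    opts="-N -o ExitOnForwardFailure=yes -L 127.0.0.1:$lport:$target"
    if [ $# -eq 0 ]; then
        printf 'ssh %s %s\n' "$opts" "$dest"
    elif supports_proxyjump "$banner"; then
        # A single -J; several jump hosts are comma-separated, in hop order.
        jumps=
        for j in "$@"; do jumps=${jumps:+$jumps,}$j; done
        printf 'ssh -J %s %s %s\n' "$jumps" "$opts" "$dest"
    elif [ $# -eq 1 ]; then
        # Pre-7.3 fallback for one bastion: ProxyCommand with -W.
        printf "ssh -o ProxyCommand='ssh -W %%h:%%p %s' %s %s\n" \
            "$1" "$opts" "$dest"
    else
        return 2   # nested ProxyCommand chains are not handled here
    fi
}

# Constructed banner; on a real client pass "$(ssh -V 2>&1)" instead.
build_tunnel "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips" \
    15220 MachineA:1521 MachineB MachineD
```

With the tunnel up, SQL Developer on MachineC would point at 127.0.0.1 port 15220; MachineB must be able to resolve and reach MachineA on 1521 for the forward to connect.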
 
  

