1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
Posted: Fri Oct 17, 2014 5:25 pm Post subject: ssh chaining, for ssh and scp
Hi,
I have my home network, which has Linux boxes -- several distros -- and a Mac.
I have a remote office behind a SOHO router.
The remote office has several Linux boxes and one of them has ssh exposed. Edit: The reason these other boxes have not been exposed is for lack of open ports on the router. They only have 20 rules on the firewall, and they're all used.
I want to be able to start from home, and then ssh or scp (I want both, but not at the same time) to a non-exposed host inside the remote network using the exposed host.
Something like this:
Code:
ssh me@exposedhost 'ssh me@internalhost'
Only that doesn't work, because 'stdin is not a terminal.'
I've been using scp to get a file to the exposed host, and then scp again to get it to the internal host. I'd like to be able to just go directly if I could figure out how to set up the command. Likewise with an ssh session.
Any ideas?
papahuhn l33t
Joined: 06 Sep 2004 Posts: 626
Posted: Fri Oct 17, 2014 5:26 pm Post subject:
ssh -t is your friend.
_________________
Death by snoo-snoo!
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
Posted: Fri Oct 17, 2014 5:49 pm Post subject:
That's awesome for ssh, I didn't think it would be so easy.
It still leaves the scp part though.
The source could be one of several boxes on my side, each behind a NAT router. The remote public host is behind a NAT router which has ssh directed to it.
Is there a reasonable way to handle this? The -3 option doesn't work because of the NAT on my end.
Thanks.
Jaglover Watchman
Joined: 29 May 2005 Posts: 8291 Location: Saint Amant, Acadiana
Posted: Fri Oct 17, 2014 9:06 pm Post subject:
You could redirect port 22 to different ports in router for different boxes, for instance port 23 has no use (on internet) and of course there is no limit if you go to higher ports. This way you could access all boxes directly, just by choosing the corresponding port.
_________________
My Gentoo installation notes.
Please learn how to denote units correctly!
szatox Advocate
Joined: 27 Aug 2013 Posts: 3131
Posted: Sat Oct 18, 2014 6:38 pm Post subject:
You can use the one with exposed ssh as a stepping stone for the others. You know, make it forward your traffic for you.
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
Posted: Sun Oct 19, 2014 4:55 am Post subject:
There is a limit of 20 port forwarding rules allowed on the SOHO router, and they're all used. There is only one rule for ssh, no room for any others.
The idea of forwarding traffic is what I'm asking about. The -t flag that papahuhn gave me is perfect for ssh, but I am also looking for an scp technique.
The remote network is not my network. I have some control over it but not full control.
Thanks.
papahuhn l33t
Joined: 06 Sep 2004 Posts: 626
Posted: Sun Oct 19, 2014 8:59 am Post subject:
If there is "nc" or "netcat" on the exposed host, google suggests this:
Code:
scp -o ProxyCommand='ssh me@exposedhost nc internalhost 22' me@internalhost:/path/to/file.txt /path/to/dest/
_________________
Death by snoo-snoo!
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
Posted: Wed Oct 22, 2014 8:26 pm Post subject:
Sorry it took so long to get back. This works very well, thanks for everything.
Hu Moderator
Joined: 06 Mar 2007 Posts: 21595
Posted: Wed Oct 22, 2014 11:56 pm Post subject:
You may be able to use ssh -W internalhost:22 me@exposedhost instead of invoking an external netcat.
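The ProxyCommand and ssh -W suggestions from the thread, written as a client-side ~/.ssh/config so that plain ssh and scp both reach the internal host through the exposed one. This is an added example, not something posted in the thread; exposedhost, internalhost and me are the thread's placeholder names, and it assumes internalhost resolves from exposedhost.

```sshconfig
# ~/.ssh/config on the home machine (added example, placeholder names from the thread)

# The one host reachable from outside, via the router's single ssh forwarding rule.
Host exposedhost
    User me
    # Keep the agent off the jump host: with ProxyCommand nothing on it needs your keys.
    ForwardAgent no

# A host with no forwarding rule of its own.
# %h is resolved on exposedhost, not on the client, so the name (or LAN address)
# must be one that exposedhost can reach.
Host internalhost
    User me
    # -W connects the client's stdin/stdout to %h:%p through exposedhost,
    # so no nc/netcat is required there. %h and %p expand to this entry's
    # host name and port (22 unless a Port line says otherwise).
    ProxyCommand ssh -W %h:%p exposedhost
    # On OpenSSH 7.3 or newer the ProxyCommand line can be replaced with:
    # ProxyJump exposedhost

# Both hops authenticate from the home machine and are checked against its
# known_hosts; exposedhost only relays the encrypted stream to internalhost.
#   ssh internalhost
#   scp /path/to/file.txt internalhost:/path/to/dest/
#   scp internalhost:/path/to/file.txt /path/to/dest/
```

Unlike ssh -t exposedhost 'ssh internalhost', where the second login is made from the exposed host, this keeps private keys and the internal host's host-key check on the client.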