Gentoo Forums
ssh chaining, for ssh and scp
1clue
Advocate

Joined: 05 Feb 2006
Posts: 2516

Posted: Fri Oct 17, 2014 5:25 pm    Post subject: ssh chaining, for ssh and scp

Hi,

I have my home network, which has Linux boxes -- several distros -- and a Mac.

I have a remote office behind a SOHO router.

The remote office has several Linux boxes and one of them has ssh exposed. Edit: The reason these other boxes have not been exposed is for lack of open ports on the router. They only have 20 rules on the firewall, and they're all used.

I want to be able to start from home, and then ssh or scp (I want both, but not at the same time) to a non-exposed host inside the remote network using the exposed host.

Something like this:

Code:
ssh me@exposedhost 'ssh me@internalhost'


Only that doesn't work, because 'stdin is not a terminal.'

I've been using scp to get a file to the exposed host, and then scp again to get it to the internal host. I'd like to be able to just go directly if I could figure out how to set up the command. Likewise with an ssh session.

Any ideas?

papahuhn
l33t

Joined: 06 Sep 2004
Posts: 623

Posted: Fri Oct 17, 2014 5:26 pm

ssh -t is your friend.
_________________
Death by snoo-snoo!

1clue
Advocate

Joined: 05 Feb 2006
Posts: 2516

Posted: Fri Oct 17, 2014 5:49 pm

That's awesome for ssh, I didn't think it would be so easy.

It still leaves the scp part though.

The source could be one of several boxes on my side, each behind a NAT router. The remote public host is behind a NAT router which has ssh directed to it.

Is there a reasonable way to handle this? The -3 option doesn't work because of the NAT on my end.

Thanks.

Jaglover
Watchman

Joined: 29 May 2005
Posts: 6971
Location: Saint Amant, Acadiana

Posted: Fri Oct 17, 2014 9:06 pm

You could redirect port 22 to different ports in the router for different boxes, for instance port 23 has no use (on the internet) and of course there is no limit if you go to higher ports. This way you could access all boxes directly, just by choosing the corresponding port.
_________________
Please learn how to denote units correctly!

szatox
Veteran

Joined: 27 Aug 2013
Posts: 1717

Posted: Sat Oct 18, 2014 6:38 pm

You can use the one with exposed ssh as a stepping stone for the others. You know, make it forward your traffic for you :)

1clue
Advocate

Joined: 05 Feb 2006
Posts: 2516

Posted: Sun Oct 19, 2014 4:55 am

There is a limit of 20 port forwarding rules allowed on the SOHO router, and they're all used. There is only one rule for ssh, no room for any others.

The idea of forwarding traffic is what I'm asking about. The -t flag that papahuhn gave me is perfect for ssh, but I am also looking for an scp technique.

The remote network is not my network. I have some control over it but not full control.

Thanks.

papahuhn
l33t

Joined: 06 Sep 2004
Posts: 623

Posted: Sun Oct 19, 2014 8:59 am

If there is "nc" or "netcat" on the exposed host, Google suggests this:
Code:
scp -o ProxyCommand='ssh me@exposedhost nc internalhost 22' me@internalhost:/path/to/file.txt /path/to/dest/

_________________
Death by snoo-snoo!

1clue
Advocate

Joined: 05 Feb 2006
Posts: 2516

Posted: Wed Oct 22, 2014 8:26 pm

Sorry it took so long to get back. This works very well, thanks for everything.

Hu
Moderator

Joined: 06 Mar 2007
Posts: 13509

Posted: Wed Oct 22, 2014 11:56 pm

You may be able to use ssh -W internalhost:22 me@exposedhost instead of invoking an external netcat.
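
The ProxyCommand and -W suggestions from the posts above, written as a client-side ~/.ssh/config so that plain ssh and scp both go through the exposed host. This is an added example, not part of any post in this thread; the host aliases and user name are the thread's placeholders, and the port and forwarding settings are assumptions.

```sshconfig
# ~/.ssh/config on the home machine (added example; exposedhost and
# internalhost are the thread's placeholder names, replace with real ones).

# The one box reachable through the SOHO router's single ssh rule.
Host exposedhost
    User me
    # Assumption: the router forwards its public port 22 to this host.
    Port 22

# A box that is only reachable from inside the remote network.
Host internalhost
    User me
    # Ask exposedhost to open a TCP stream to internalhost:22 and run the
    # second SSH session through it. %h and %p expand to the target host
    # and port, so the line can be copied to other internal Host entries.
    # Needs sshd on exposedhost to permit TCP forwarding
    # (AllowTcpForwarding, on by default); no netcat is required there.
    ProxyCommand ssh -W %h:%p exposedhost
    # On OpenSSH 7.3 or later, "ProxyJump exposedhost" is the equivalent
    # shorthand; use one or the other, not both.
    # The inner session is authenticated from the home machine, so
    # exposedhost never needs the key or a forwarded agent.
    ForwardAgent no
```

With this in place, "ssh internalhost" and "scp file.txt internalhost:/path/to/dest/" work from home in one step. The session to internalhost is encrypted end to end and its host key is checked on the home machine, so exposedhost only relays ciphertext.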