Gentoo Forums
[SOLVED] ssh port forwarding using a ssh proxy
alex6
Apprentice

Joined: 18 Jul 2011
Posts: 172

Posted: Mon May 02, 2016 7:07 pm    Post subject: [SOLVED] ssh port forwarding using a ssh proxy

Hi,

I need web access to a server that uses https and java features.

Right now, this is what I am able to do:

Connect via ssh to a "ssh proxyserver"
From there I can use ssh to connect to my server.

I've heard about ssh port forwarding, tried different combinations of -D, -L and -R options without success...

Here is what I tried : (after configuring "proxy for socks" with 127.0.0.1 in the firefox settings)

-D 1080 on the ssh proxy server then -D 1080 again, and then trying to access with firefox on 127.0.0.1:1080
-D 1080 on the ssh proxy server then ssh -R 1080:localhost:443 root@myserver
-D 1080 on the ssh proxy server then ssh -L 1080:localhost:443 root@myserver
-D 1080 on the ssh proxy server then ssh -R 1080:myserverhostFQDN:443 root@myserver
-D 1080 on the ssh proxy server then ssh -L 1080:myserverhostFQDN:443 root@myserver

In the last 4 cases, when connecting via firefox, I can see this error message in the terminal:

Code:
"channel 3: open failed: connect failed: Connection refused"



Any ideas?


Last edited by alex6 on Wed May 04, 2016 12:55 pm; edited 2 times in total
ct85711
Veteran

Joined: 27 Sep 2005
Posts: 1791

Posted: Mon May 02, 2016 10:11 pm

Well, one common issue that hits people is that logging in as root over ssh is disabled by default.
alex6
Apprentice

Joined: 18 Jul 2011
Posts: 172

Posted: Wed May 04, 2016 8:56 am

ct85711 wrote:
Well, one common issue that hits people is that logging in as root over ssh is disabled by default.


Well, I actually have only user access to the ssh proxy, do you think it's a problem?
nativemad
Developer

Joined: 30 Aug 2004
Posts: 918
Location: Switzerland

Posted: Wed May 04, 2016 9:22 am

Well, if the proxy can reach the webhost, then there is no need to do multiple connections and setting up a socksproxy and so on...
Code:
ssh -L 443:WebserversDnsNameOrIP:443 user@sshproxy

Now if you start your browser, you can access the site via https://127.0.0.1

HTH, cheers
_________________
Power to the people!
alex6
Apprentice

Joined: 18 Jul 2011
Posts: 172

Posted: Wed May 04, 2016 11:23 am

nativemad wrote:
Well, if the proxy can reach the webhost, then there is no need to do multiple connections and setting up a socksproxy and so on...
Code:
ssh -L 443:WebserversDnsNameOrIP:443 user@sshproxy

Now if you start your browser, you can access the site via https://127.0.0.1

HTH, cheers


Okay, so if I understand, I must run this from my client, right?
I ran

Code:
# ssh -L 443:webserver:443 myuser@ssh_proxy


When I try to access https://127.0.0.1, I receive the following error in the terminal where I did this ssh:
Code:

-bash-3.2$ channel 3: open failed: connect failed: No route to host


I have this message even with the firewall on both the client and the webserver down.

In firefox I can see this message:

Quote:
Secure Connection Failed

The connection to 127.0.0.1 was interrupted while the page was loading.

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.


Does it mean I have to import the CA cert into firefox from the portal or the webserver or both?

To make things clear: the "webserver" doesn't provide any access from the WAN, the only access from the WAN is the ssh portal.
The "webserver" can only be accessed from the LAN, that's why I try to make ssh forwarding.
alex6
Apprentice

Joined: 18 Jul 2011
Posts: 172

Posted: Wed May 04, 2016 11:26 am

alex6 wrote:

When I try to access https://127.0.0.1, I receive the following error in the terminal where I did this ssh:
Code:

-bash-3.2$ channel 3: open failed: connect failed: No route to host


I have this message even with the firewall on both the client and the webserver down.


Sorry, actually with both firewalls down, the message is a bit different:

Quote:
channel 3: open failed: connect failed: Connection refused
alex6
Apprentice

Joined: 18 Jul 2011
Posts: 172

Posted: Wed May 04, 2016 12:55 pm

Sorry, layer 8 problem: I was actually using the wrong FQDN, as it was a VM inside a server that has a really close hostname (so FQDN) and I got confused...

Nativemad, thank you, your method actually works :)
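The forward from nativemad's answer together with the two errors reported in the thread, as an added example that is not part of any post. The destination of a `-L` forward is resolved and connected to by the proxy's sshd, so the script prints a check to run from the proxy first; the function names, the placeholder hosts `webserver.example` and `sshproxy.example`, the unprivileged local port 8443, and the presence of `getent` and `nc` on the proxy are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Host and account names are placeholders.

# Accept only plain host/account words: no shell metacharacters, no leading
# "-" (which ssh would parse as an option).
safe_word() {
    case "$1" in ''|-*|*[!A-Za-z0-9._@-]*) return 1 ;; esac
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: tunnel_cmd LOCAL_PORT TARGET_HOST TARGET_PORT USER@PROXY
# Prints the ssh command for a loopback-only forward without a remote shell.
tunnel_cmd() {
    valid_port "$1" && valid_port "$3" && safe_word "$2" && safe_word "$4" ||
        { echo "rejected argument" >&2; return 2; }
    if [ "$1" -lt 1024 ]; then
        echo "note: binding local port $1 needs root on the client" >&2
    fi
    printf 'ssh -N -L 127.0.0.1:%s:%s:%s %s\n' "$1" "$2" "$3" "$4"
}

# usage: preflight_cmd TARGET_HOST TARGET_PORT USER@PROXY
# Prints a check to run first: the proxy's sshd, not the client, resolves
# TARGET_HOST and opens the TCP connection, so test from the proxy.
preflight_cmd() {
    valid_port "$2" && safe_word "$1" && safe_word "$3" ||
        { echo "rejected argument" >&2; return 2; }
    printf "ssh %s 'getent hosts %s && nc -z -w 3 %s %s'\n" "$3" "$1" "$1" "$2"
}

# usage: diagnose 'channel 3: open failed: connect failed: Connection refused'
# Names the hop that failed for the two errors quoted in the thread.
diagnose() {
    case "$1" in
        *"open failed: connect failed: "*) reason=${1##*connect failed: } ;;
        *) echo "not a forwarding connect error"; return 1 ;;
    esac
    case "$reason" in
        "Connection refused") echo "proxy->target: host answered, port closed; check target name and port" ;;
        "No route to host") echo "proxy->target: host unreachable or firewall reject; check address and filtering" ;;
        *) echo "proxy->target: $reason" ;;
    esac
}

# Demo with placeholder names.
preflight_cmd webserver.example 443 user@sshproxy.example
tunnel_cmd 8443 webserver.example 443 user@sshproxy.example
```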