StartBox: 192.168.44.132
HOP1: 192.168.44.133
HOP2: 192.168.44.134
Target: 192.168.44.135

Establish first tunnel on StartBox:8888

ssh -x -v steve@192.168.44.133 -L 8888:192.168.44.134:22

This is an ssh to steve@192.168.44.133
It adds a port forward to 192.168.44.134’s port 22. It doesn’t have to be to port 22. For example, if 192.168.44.134 (HOP2) listened for ssh on port 422, the command would look like:

ssh -x -v steve@192.168.44.133 -L 8888:192.168.44.134:422

The 8888 is your local port, for example on your StartBox, typing: ssh user1@localhost -p 8888
Would give you this output in your tunnels terminal:

debug1: Connection to port 8888 forwarding to 192.168.44.134 port 22 requested.

Establish second tunnel through first tunnel to targets port 22.

ssh -x -v -p 8888 student@localhost -L 192.168.44.132:9999:192.168.44.135:22

Breakdown:

ssh student@localhost -p 8888

SSH session to yourself on port 8888. This gets forwarded through your first tunnel and equates to: ssh student@HOP2 -p 22

-L 192.168.44.132:9999

Binding port 9999 on interface with IP 192.168.44.132 (this is very important if you have more than one interface. Even if you only have one, still explicitly state the IP)

:192,168.44.135:22

Forward the bound port 9999’s traffic to 192.168.44.135 port 22

Altogether: bind local port 9999 and forward traffic to TargetBox:22, send SSH connect request to local port 8888.

Great! Now you have two tunnels and you are forwarding localhost:9999 -> (through tunnel1) -> targetbox:22

Lets connect:

ssh -x -v -p 9999 lougle@192.168.44.132 -i ./id_rsa_lougle

That’s the “There” part, now lets get back.

ssh -v -x -p 8888 student@localhost -R 54311:192.168.44.133:7777
ssh -v -x steve@192.168.44.133 -R 7777:192.168.44.132:54311

These would both be run on your local machine. If you notice, the first part of the SSH command is identical to the -L ssh commands we ran before. You could add these arguments to the ssh commands you execute when you are first making your tunnel if you wanted. Heres whats happening:

HOP2 is listening on port 54311 and forwards connections to HOP1:7777
HOP1 is listening on port 7777 and forwards connections to StartBox:54311

Heres all the above in two handy-dandy commands, now that we understand whats going on:

ssh -x -v steve@192.168.44.133 -L 8888:192.168.44.134:22 -R 7777:192.168.44.132:54311
ssh -x -v -p 8888 student@localhost -L 192.168.44.132:9999:192.168.44.135:22 -R 54311:192.168.44.133:7777

SSH Tunneling or There and Back Again
Tagged on:         

Leave a Reply

Your email address will not be published.