Establish first tunnel on StartBox:8888
ssh -x -v email@example.com -L 8888:192.168.44.134:22
This is an ssh to firstname.lastname@example.org
It adds a port forward to 192.168.44.134’s port 22. It doesn’t have to be to port 22. For example, if 192.168.44.134 (HOP2) listened for ssh on port 422, the command would look like:
ssh -x -v email@example.com -L 8888:192.168.44.134:422
The 8888 is your local port, for example on your StartBox, typing: ssh user1@localhost -p 8888
Would give you this output in your tunnels terminal:
debug1: Connection to port 8888 forwarding to 192.168.44.134 port 22 requested.
Establish second tunnel through first tunnel to targets port 22.
ssh -x -v -p 8888 student@localhost -L 192.168.44.132:9999:192.168.44.135:22
ssh student@localhost -p 8888
SSH session to yourself on port 8888. This gets forwarded through your first tunnel and equates to: ssh student@HOP2 -p 22
Binding port 9999 on interface with IP 192.168.44.132 (this is very important if you have more than one interface. Even if you only have one, still explicitly state the IP)
Forward the bound port 9999’s traffic to 192.168.44.135 port 22
Altogether: bind local port 9999 and forward traffic to TargetBox:22, send SSH connect request to local port 8888.
Great! Now you have two tunnels and you are forwarding localhost:9999 -> (through tunnel1) -> targetbox:22
ssh -x -v -p 9999 firstname.lastname@example.org -i ./id_rsa_lougle
That’s the “There” part, now lets get back.
ssh -v -x -p 8888 student@localhost -R 54311:192.168.44.133:7777
ssh -v -x email@example.com -R 7777:192.168.44.132:54311
These would both be run on your local machine. If you notice, the first part of the SSH command is identical to the -L ssh commands we ran before. You could add these arguments to the ssh commands you execute when you are first making your tunnel if you wanted. Heres whats happening:
HOP2 is listening on port 54311 and forwards connections to HOP1:7777
HOP1 is listening on port 7777 and forwards connections to StartBox:54311
Heres all the above in two handy-dandy commands, now that we understand whats going on:
ssh -x -v firstname.lastname@example.org -L 8888:192.168.44.134:22 -R 7777:192.168.44.132:54311
ssh -x -v -p 8888 student@localhost -L 192.168.44.132:9999:192.168.44.135:22 -R 54311:192.168.44.133:7777