SSH Tunnelling

Associate
Joined
20 Jun 2004
Posts
972
Location
Manchester
OK, I'm pretty pig ignorant on tunnelling so I need some help. Essentially, my dilemma is this. We have a management server that I want to be able to SCP to, but the problem is that I cannot SCP directly to this server, I have to connect to my VPN in the datacenter to SCP onto it, so what I want to do is create an SSH tunnel between my machine and jumpbox B to allow me to SCP onto the Management server.

Authentication method is via public key/private key pair for Jumpboxes and a Username and Password for Management Server.

My Machine > Jumpbox A > Jumpbox B > Management Server

My question is, is there a way I can tunnel an SSH tunnel via A+B to allow me to SCP directly to the Management server?

And if so, how do I do this? I've tried a couple of articles but they have confused me slightly.
 
Permabanned
Joined
28 Dec 2009
Posts
13,052
Location
london
Why not just connect using the VPN and then SCP over it?

Am I missing a step?

You could create a tunnel on "my machine" to jumpbox B then use FileZilla to SFTP through the tunnel and then via the VPN. Once you are through the tunnel the VPN should work as long as it is set up on jumpbox B.

Can you SSH directly to jumpbox B? If not, it is possible you would have to do a double tunnel though. If it was a permanent tunnel you could do SSH chaining, transparent SSH tunnel chaining.
 
Associate
Joined
22 Oct 2002
Posts
656
In a datacentre? Is there a tiered network? Are you going in through a DMZ? Will the firewall rules even allow you to connect to each of those servers in turn?

EDIT: Are you sure you're even allowed to do that even if it is possible?
 
Associate
Joined
22 Oct 2002
Posts
656
I wasn't trying to intimate any criminal activity. I was trying to discover if there was a security policy in place in the said datacentre that says that that sort of thing is not allowed.
 
Associate
OP
Joined
20 Jun 2004
Posts
972
Location
Manchester
The reason I don't want to VPN in to SCP is because I have to disconnect my PC from the LAN and then connect it to the internet because I cannot get to that particular concentrator over the LAN.

I managed to do it anyway. After a lot of fiddling I ended up calling on some help from a guy in the Unix team, although I've got a further dilemma now.

I've got my nested tunnel set up, and if I SSH to localhost:forwardedport I get my SSH session, good times. However, whenever I try and SCP I get a connection refused. I can definitely SCP to my destination box via the VPN. At first I thought it might have been the IDS sensors in the firewalls, but I can get through there fine via the VPN and not via the tunnel.

It's aching my brain. Oh, and I am not a 'criminal', wind it in.
 
Permabanned
Joined
28 Dec 2009
Posts
13,052
Location
london
That is why I suggest FileZilla.

What OS is the "my machine" on? You would have to SCP and state the localhost: port (tunnel port) in the scp command. I am not sure if scp supports SOCKS proxy. I would just use FileZilla and SFTP as I know that FileZilla supports SOCKS proxy.
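
One way to express the My Machine > Jumpbox A > Jumpbox B > Management Server chain from this thread, as an added example that is not part of any post above: an OpenSSH client config using `ProxyJump` (OpenSSH 7.3 or later). All host names, user names, aliases, the key path and port 2222 are placeholders assumed for illustration.

```sshconfig
# ~/.ssh/config on "My Machine" (added example; every name here is a placeholder)

# Hop 1: Jumpbox A, public key authentication
Host jumpa
    HostName jumpbox-a.example.com
    User jumpuser
    IdentityFile ~/.ssh/id_jump
    IdentitiesOnly yes
    # Keep the agent off the jumpboxes; ProxyJump does not need it
    ForwardAgent no

# Hop 2: Jumpbox B, reached through A, public key authentication.
# HostName is resolved by Jumpbox A, so use the name or address A knows.
Host jumpb
    HostName jumpbox-b.example.com
    User jumpuser
    IdentityFile ~/.ssh/id_jump
    IdentitiesOnly yes
    ForwardAgent no
    ProxyJump jumpa

# Target: Management Server, reached through B, username and password
Host mgmt
    HostName mgmt.example.com
    User mgmtuser
    ProxyJump jumpb
    PubkeyAuthentication no
    PreferredAuthentications keyboard-interactive,password

# Usage from My Machine (each hop prompts or authenticates in turn):
#   ssh mgmt
#   scp ./backup.tar.gz mgmt:/tmp/
#   sftp mgmt
#
# The SSH session to mgmt is end to end: the jumpboxes only relay TCP,
# so the private key and the management password are never exposed to them.
# Both jumpboxes must permit TCP forwarding (sshd AllowTcpForwarding).
#
# With a manual local forward instead (for example port 2222 on localhost),
# note that scp takes the port as uppercase -P, unlike ssh's lowercase -p:
#   scp -P 2222 ./backup.tar.gz mgmtuser@localhost:/tmp/
```

Whether this kind of chaining is permitted is a question for the datacentre's security policy, as raised earlier in the thread.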
 