
SSH Tunnelling

Discussion in 'Networks & Internet Connectivity' started by Si MPS, 10 May 2010.

  1. Si MPS

    Hitman

    Joined: 20 Jun 2004

    Posts: 911

    Location: Manchester

    Ok, I'm pretty pig ignorant on tunnelling so I need some help. Essentially, my dilemma is this. We have a management server that I want to be able to SCP to, but the problem is that I cannot SCP directly to this server, I have to connect to my VPN in the datacenter to SCP onto it, so what I want to do is create an SSH tunnel between my machine and jumpbox B to allow me to SCP onto the Management server.

    Authentication method is via public key/private key pair for Jumpboxes and a Username and Password for Management Server.

    My Machine > Jumpbox A > Jumpbox B > Management Server

    My question is, is there a way I can tunnel an SSH tunnel via A+B to allow me to SCP directly to the Management server?

    And if so, how do I do this? I've tried a couple of articles but they have confused me slightly.
     
  2. anything I don't mind

    PermaBanned

    Joined: 28 Dec 2009

    Posts: 13,054

    Location: london

    why not just connect using the vpn and then scp over it ?

    am i missing a step ?

    You could create a tunnel on "my machine" to jumpbox B then use FileZilla to sftp through the tunnel and then via the VPN. Once you are through the tunnel the VPN should work as long as it is set up on jumpbox B.

    Can you ssh directly to jumpbox B? If not, it is possible you would have to do a double tunnel though. If it was a permanent tunnel you could do ssh chaining, transparent ssh tunnel chaining.
     
    Last edited: 10 May 2010
  3. frustin

    Hitman

    Joined: 22 Oct 2002

    Posts: 600

    in a datacentre? is there a tiered network? are you going in through a DMZ? will the firewall rules even allow you to connect to each of those servers in turn?

    EDIT: are you sure you're even allowed to do that even if it is possible?
     
    Last edited: 11 May 2010
  4. anything I don't mind

    PermaBanned

    Joined: 28 Dec 2009

    Posts: 13,054

    Location: london

    lol

    oops, good job we have people around like you frustin or I would be helping criminals here. D:

    at least I didn't tell him how to do it, just that it was possible.
     
  5. frustin

    Hitman

    Joined: 22 Oct 2002

    Posts: 600

    I wasn't trying to intimate any criminal activity. I was trying to discover if there was a security policy in place in the said datacentre that says that that sort of thing is not allowed.
     
  6. anything I don't mind

    PermaBanned

    Joined: 28 Dec 2009

    Posts: 13,054

    Location: london

    Yeah, I was just joking :D
     
  7. Si MPS

    Hitman

    Joined: 20 Jun 2004

    Posts: 911

    Location: Manchester

    The reason I don't want to VPN in to SCP is because I have to disconnect my PC from the LAN and then connect it to the internet because I cannot get to that particular concentrator over the LAN.

    I managed to do it anyway, after a lot of fiddling I ended up calling on some help from a guy in the unix team, although I've got a further dilemma now.

    I've got my nested tunnel set up, and if I SSH to localhost:forwardedport I get my SSH session, good times, however whenever I try and SCP I get a connection refused. I can definitely SCP to my destination box via the VPN, at first I thought it might have been the IDS sensors in the firewalls, but I can get through there fine via the VPN and not via the tunnel.

    It's aching my brain, oh, and I am not a 'criminal', wind it in.
     
  8. anything I don't mind

    PermaBanned

    Joined: 28 Dec 2009

    Posts: 13,054

    Location: london

    That is why I suggest FileZilla.

    What OS is the "my machine" on? You would have to scp and state the localhost: port (tunnel port) in the scp command, I am not sure if scp supports socks proxy. I would just use FileZilla and sftp as I know that FileZilla supports socks proxy.
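
The nested forward and the scp call discussed in this thread, written out as an added example that is not from any of the posters. Host names, local ports, the `run` helper and the `DRY_RUN` switch are constructed placeholders; the ssh and scp options are standard OpenSSH.

```shell
# Constructed placeholders (assumptions, not values from the thread).
JUMP_A="jumpbox-a.example"
JUMP_B="jumpbox-b.example"
MGMT="mgmt.example"
PORT_B=2201   # local port that ends at Jumpbox B's sshd
PORT_M=2202   # local port that ends at the management server's sshd

# run: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Hop 1: 127.0.0.1:PORT_B -> Jumpbox B:22, carried in the session to Jumpbox A.
# Hop 2: 127.0.0.1:PORT_M -> management server:22, carried in a session to
#        Jumpbox B that is itself reached through PORT_B.
# Forwards bind to loopback only, so other hosts on the LAN cannot use them.
# HostKeyAlias keeps known_hosts entries per real host instead of "127.0.0.1".
open_tunnels() {
    run ssh -f -N -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:${PORT_B}:${JUMP_B}:22" "$JUMP_A" &&
    run ssh -f -N -o ExitOnForwardFailure=yes \
        -p "$PORT_B" -o HostKeyAlias="$JUMP_B" \
        -L "127.0.0.1:${PORT_M}:${MGMT}:22" 127.0.0.1
}

# scp takes the port as -P (uppercase); lowercase -p means "preserve
# times and modes". Without -P, scp dials port 22 on localhost rather
# than the forwarded port.
# usage: copy_via_tunnel <user> <local-file> <remote-path>
copy_via_tunnel() {
    run scp -P "$PORT_M" -o HostKeyAlias="$MGMT" "$2" "$1@127.0.0.1:$3"
}
```

Run `open_tunnels` once, then `copy_via_tunnel <user> <file> <remote-path>`; setting `DRY_RUN=1` prints the commands without connecting.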