Ssh relay without opening ports

Question

I have machines A and B that can access a Relay machine via ssh, but not vice versa. Can I access machine B from A via the Relay machine without opening ports except 22 as that port is the only one accessible?

For example, a possible solution would be to ssh from B into Relay and opening files for reading stdin and writing stdout. Connecting from A to relay allows reading and writing into these files for communication to B.

Is there a way with command line tools to achieve this?

score 1 · Answer 1 · answered Aug 18 '20 at 12:58

1

Well, there is obviously already a port open on the relay, otherwise ssh wouldn't be possible.

The only way I see is for B to ssh to the relay and along with that, open a reverse tunnel which A can then use. You're looking for the "-R" option.

answered Aug 18 '20 at 12:58

Gerard H. Pille

2,569
1
13
11

score 1 · Answer 2 · edited Sep 18 '20 at 22:01

Here is one way:

ssh A to relay and forward a local port (for e.g. ssh -L 6022:127.0.0.1:6022) This command forwards local port 6022 on A to port 6022 on relay over SSH.
ssh B to relay and forward a remote port to local ( ssh -R 6022:127.0.0.1:22) This command forwards remote port 6022 on relay to local port 22 on B
Now on A, connect to localhost port 6022 using ssh and should be able to login to B.

Ssh relay without opening ports

2 Answers2