3

Is it possible to connect to an SSH server only accessible from inside a network, using a Windows machine without SSH as a gateway?

Let me clarify my question with a sketch:

Me (Linux machine)---> WIN (Windows without SSHD)--->LIN (Linux with SSHD).

Machine Me is the PC I'm using to connect to LIN through WIN. WIN is accessible from the outside, it has an RDESKTOP port open, and LIN is only accessible from inside the network.

Hope you understand the question.

Leonardo Ramé
  • Difficult to understand what you're getting at here. The Windows machine has port 3389 (RDP) exposed to the outside world, is that right? Sounds to me like you'd be better off disabling direct RDP access to the Windows machine and using it as a VPN server instead - assuming that your perimeter router isn't capable of that by itself. – Chris McKeown Mar 28 '12 at 23:06
  • You are right, but I would like to know if theoretically it's possible to connect to an SSH server by *jumping* through a machine in the middle. – Leonardo Ramé Mar 28 '12 at 23:11
  • Unfortunately not. It's the same as asking whether you could use a web server or an FTP server to do the same thing. – Chris McKeown Mar 28 '12 at 23:16

4 Answers

3

OpenSSH has a very flexible ability to use a proxy via the ProxyCommand option. If the Windows box doesn't have an SSH daemon on it, then can you install a SOCKS proxy, an HTTP CONNECT proxy, or a generic TCP proxy? If so, then you can use it as a point to connect to the internal system. The exact details would depend on exactly what kind of proxy you install, and what kind of firewalls/filters are between the various systems.

There is no way you are going to do this without installing at least some kind of proxy on the Windows box. Windows doesn't have any built-in generic proxy that would allow it to forward SSH traffic.

Zoredache
2

The core question is if you can connect to some service through another machine. The answer is yes, but you need software.

I just did a quick Google search and found this thing: http://www.quantumg.net/portforward.php. The same exists on Linux in various utilities, but my personal favorite is rinetd (http://www.boutell.com/rinetd/).

Both work the same way - you run a program that basically forwards packets from one host to another. If you have access to the machine in the middle, you should be able to install a daemon / server that will do this.

bytemask
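What such a forwarding program does, sketched in Python as an added example (not code from this page or from the tools linked above): it relays TCP between a listener and one fixed target and refuses sources outside an allowlist. The listen port 2222 and the 203.0.113.0/24 client range are constructed values; 192.168.1.2 is the LIN address used in another answer on this page.

```python
import ipaddress
import socket
import threading

def pump(src, dst):
    """Copy bytes one way until EOF, then half-close the receiving side."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def handle(client, peer_ip, target, allowed):
    """Relay one client to target, but only if peer_ip is in an allowed network."""
    with client:
        if not any(ipaddress.ip_address(peer_ip) in net for net in allowed):
            return  # dropped before any connection is opened towards the target
        try:
            upstream = socket.create_connection(target, timeout=10)
        except OSError:
            return
        with upstream:
            upstream.settimeout(None)
            back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
            back.start()
            pump(client, upstream)
            back.join()

def start_relay(listen, target, allowed_cidrs):
    """Listen on `listen` in background threads; return the bound (host, port)."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    srv = socket.create_server(listen)

    def accept_loop():
        while True:
            client, (peer_ip, _port) = srv.accept()
            threading.Thread(target=handle, args=(client, peer_ip, target, allowed),
                             daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()

if __name__ == "__main__":
    # Constructed values: listen port and client range; target is LIN's sshd.
    start_relay(("0.0.0.0", 2222), ("192.168.1.2", 22), ["203.0.113.0/24"])
    threading.Event().wait()  # keep the main thread alive
```

Because the relay only copies bytes, the SSH session stays end-to-end between Me and LIN, and the host key the client verifies is LIN's.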
0

No, sshd does the forwarding, so without an SSH daemon running in Windows you cannot.

Lucas Kauffman
johnshen64
0

Windows has a built-in port mapping mechanism:

netsh interface ipv6 install  # Port forwarding needs to enable ipv6
netsh interface portproxy add v4tov4 listenaddress=123.234.12.34 listenport=22 connectaddress=192.168.1.2 connectport=22

Replace 123.234.12.34 with your Windows server's public IP, and replace 192.168.1.2 with your Linux server's intranet IP.

ASBai