5

I have the following situation:

A -----|------ B -----|------ Work

Work can SSH into B, and A can SSH into B, but apart from that everything is firewalled. What I would like to do is in effect create an SSH tunnel between Work and A so that I can VNC into Work from A.

From Work I have created a remote SSH tunnel:

ssh -R 5900:localhost:5900 B

This means that I can VNC from B into Work. But what do I need to do to extend this to A? I have tried to create a local SSH tunnel from A to B like this:

ssh -L 5901:localhost:5900 B

But it gives `bind: Cannot assign requested address`, as 5900 has already been assigned.

Does anyone have any ideas how to do this?

ctype.h
yoda230
  • Make sure on A and B `GatewayPorts=yes` in /etc/ssh/sshd_config. Also `ssh -R B:5900:localhost:5900 B` from Work -> B. Then `ssh -R A:5900:B:5900 A` from B -> A. – rhasti Dec 22 '12 at 21:18
  • @rhasti No! Don't suggest `GatewayPorts`. It will then be available for *anyone* from outside. – gertvdijk Dec 22 '12 at 22:52
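
The exposure raised in the comment above can be checked on B by looking at which address the forwarded port is bound to: by default a `-R` forward listens on loopback only, while `GatewayPorts yes` makes it listen on the wildcard address. The following is an added example, not part of the original thread; the function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listeners on a forwarded port that are reachable
# from beyond loopback. Input is in the format of `ss -tlnH`:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# exposed_listeners PORT
# Reads ss output on stdin and prints every local address listening on
# PORT that is not bound to 127.0.0.0/8 or ::1.
exposed_listeners() {
    awk -v port="$1" '
    $1 == "LISTEN" {
        la = $4
        n = split(la, parts, ":")          # port is the last ":" field
        if (parts[n] != port) next
        addr = substr(la, 1, length(la) - length(parts[n]) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next
        print la
    }'
}

# port_is_loopback_only PORT
# Exit status 0 when no exposed listener exists for PORT on stdin.
port_is_loopback_only() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Constructed sample: B with the default sshd setting (reverse forward
# from Work bound to loopback only).
SAMPLE_DEFAULT='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5900 0.0.0.0:*
LISTEN 0 128 [::1]:5900 [::]:*'

# Constructed sample: B with GatewayPorts enabled (same forward, now
# bound to the wildcard address and reachable by any host that can
# reach B on that port).
SAMPLE_GATEWAY='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5900 0.0.0.0:*
LISTEN 0 128 [::]:5900 [::]:*'

echo "default sshd_config:"
printf '%s\n' "$SAMPLE_DEFAULT" | exposed_listeners 5900
echo "GatewayPorts enabled:"
printf '%s\n' "$SAMPLE_GATEWAY" | exposed_listeners 5900
```

On a live host the same check is `ss -tlnH | exposed_listeners 5900`; empty output means the VNC forward is only reachable through a further tunnel such as the `-L` forward from A.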

2 Answers

2

Just to answer my own question: for some reason you have to force IPv4, i.e. from A:

ssh -4 -L 5901:localhost:5900 B

That works.

yoda230
0

I am not sure whether my answer will be perfect but I will give it a try.

The setup you are trying obviously won't work, as you are forwarding from port 5900 on B to Work and also forwarding port 5900 from A to B.

But you can't use the same port for 2 different connections, that's why you are getting the error "bind: Cannot assign requested address, as 5900 has already been assigned."

What you can do is set up a forwarder on B.

Then try to use this command from A: `ssh -L 5901:localhost:5901 B`

And then forward the traffic from port 5901 to 5900 and vice versa on B.

I don't have the setup and time to test it, but I am very curious to know whether it will work or not.

So, I request you to please get back here with the results once you have tested this.

Napster_X
  • But how do you "forward the traffic from port 5901 to 5900 and vice versa on B"? As just posted, it does seem to work if you force IPv4. It is a reverse tunnel from Work to B and a local one from A to B, so the port on B shouldn't be taken twice, should it? – yoda230 Dec 22 '12 at 21:31
  • Wow ... not sure how that worked, as you are using the same port for the connection and the SSH tunnel keeps the port used all the time, but glad it worked. Now I too know the solution :) – Napster_X Dec 23 '12 at 03:25
  • Regarding the traffic forwarding, you can use something like iptables, which can forward traffic from one port to another without much effort. As I said, I was thinking logically, and have never done it, so just some weird thinking. – Napster_X Dec 23 '12 at 03:26