15

Ok so I have a web server, let's call it Server A, which is providing a service via HTTPS. And I have an SSH gateway server, let's call it Server B.

Due to firewall rules I cannot access Server A's web service from my desktop Linux computer. Therefore, to view the web service I must SSH with X Forwarding to Server B and run Firefox over the SSH tunnel. Server B can access Server A's web service and so it works.

I'm wondering if it would be possible to create an SSH tunnel between my PC and Server B which would allow me to access the service on Server A using my desktop web browser rather than running Firefox over the SSH tunnel.

Jacob Tomlinson

2 Answers

21

Yes, it is possible:

ssh -L 8443:serverA:443 -Nf [user@]<serverB>

This will let you point your desktop browser at port 8443 and send it to port 443 (the HTTPS port) on your server A. The -Nf will background the session and exit immediately back to your desktop, not establishing an actual shell session to server B.

John
  • You could also go directly to server A: `ssh -L 8443:localhost:443 -Nf [user@]` – John Mar 12 '14 at 12:00
  • Isn't HTTPS port 443? – clement Mar 12 '14 at 12:00
  • Right... feeling stupid now... sorry. Will make edits. I honestly don't know where I got 437 from... – John Mar 12 '14 at 12:01
  • I cannot go directly to Server A due to firewall restrictions. And I'm afraid the above doesn't work for me; I get this error message: `channel 2: open failed: administratively prohibited: open failed`. I assume Server B has `AllowTCPForwarding` disabled. – Jacob Tomlinson Mar 13 '14 at 09:02
  • Which machine do you run this command on? PC? serverA? – krupan Aug 27 '19 at 19:26
  • @krupan from the PC. – arauzo Jul 20 '21 at 10:34
  • I get several errors when trying to use these tunnels. When trying to connect to my router remotely, 400 Bad Request. If I try to connect to public servers, like Google or www.eldiario.es, something messes up and I get 404 or unknown domain... (I guess this is because of virtual names for one web server serving multiple domains). – arauzo Jul 20 '21 at 10:48
  • This has always confused me: `ssh -L 8443:serverA:443 -Nf [user@]` actually forwards 8443 on localhost to serverA:443 via serverB as “SSH jump server”. I always find it counterintuitive... – Jean-Philippe Pellet Oct 12 '22 at 13:39
  • So I guess it is correct to point the browser to 'localhost:8443' through http? Gives me a "Bad request. You're speaking plain HTTP to an SSL-enabled server port.". But using https is not an option either. Or is it? – untill Dec 01 '22 at 14:30
16

You don't even require SSH Tunneling to access the web service in Server A. You can use Dynamic Port Forwarding:

ssh -N -D 9000 user@server_b

and configure your web browser to use SOCKS proxy host 127.0.0.1 and port 9000.

clement
  • He'll likely have to create some proxy exceptions, since using the proxy for everything won't let him get to resources that server B can't get to. Depending on the complexity of his work network, trying to use a proxy might be more effort than it's worth. – John Mar 12 '14 at 12:20
  • I do agree, John. I just want to point out that it is doable with `Dynamic Port Forwarding` too :) – clement Mar 12 '14 at 12:22
  • Which machine do you run this command on? PC? serverA? – krupan Aug 27 '19 at 19:27
  • Tried it. Run the command on the PC. – krupan Aug 28 '19 at 00:24
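
The `administratively prohibited` error quoted in the comments is what the client sees when the gateway refuses to open the forwarded channel. As an added example (not taken from any of the posts above), this is one way Server B could permit only the forward both answers rely on, together with a matching client entry; `web-tunnel` is a made-up alias, and `user`, `serverA` and `serverB` are the page's placeholders.

```sshconfig
# ---------- Server B: /etc/ssh/sshd_config ----------
# A blanket "AllowTcpForwarding yes" lets every account reach anything
# Server B can reach. Keep forwarding off by default instead:
AllowTcpForwarding no

# ...and open it for the one account that needs the web service.
Match User user
    # Client-to-server forwards only (-L and -D); no remote (-R) forwards.
    AllowTcpForwarding local
    # The single destination this account may open through the gateway.
    # Names are matched literally against what the client requests, so the
    # client must ask for "serverA", not an IP address or an alias.
    # SOCKS requests made through "ssh -D" are checked against this list
    # too; any other destination is refused as "administratively prohibited".
    PermitOpen serverA:443

# Validate the file with "sshd -t" and reload sshd after editing.

# ---------- Desktop PC: ~/.ssh/config ----------
Host web-tunnel
    HostName serverB
    User user
    # Same forward as "-L 8443:serverA:443", with the listener pinned to
    # loopback so other machines on the desktop's network cannot use it.
    LocalForward 127.0.0.1:8443 serverA:443
    # Exit at connect time if the listener on 8443 cannot be set up,
    # rather than leaving a background session with no forward.
    ExitOnForwardFailure yes

# Bring the tunnel up from the PC with: ssh -N -f web-tunnel
```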