
I have my home computer A and a work computer C that I want to synchronise using unison. In the middle is a work computer B. A can communicate with B and B can communicate with C directly, but A and C can't directly connect to each other. In fact the communication diagram looks like A->B<->C. That is, A can connect to B but B can't connect to A.

To give an example of how I use this setup, I currently do the following if I want to ssh from A to C:

ssh -t -X -C me_B@B ssh -X me_C@C

How can I run unison from A and sync with C, maybe using ssh port forwarding?

To make it a little clearer, C has unfiltered outgoing connectivity to the Internet. B has unfiltered in and outgoing connectivity to both C and the Internet. A is my home computer.


Update

The following command line works for me to at least copy files from A to C

scp -oProxyCommand="ssh me_B@B nc -v %h %p" foo/* me_C@C:foo

Is there some way to use this idea to get unison to work?

Simd

1 Answer


Yes, ssh port forwarding can be used for that. Use the following command on A if you want to forward ssh on port 22 at C to the local port 3000 (for example):

# Create the tunnel
ssh -L 3000:C:22 userB@B -N

After you have issued the command, you can log in to C from A using:

# Connect using the tunnel
ssh -p 3000 userC@localhost

Note: During the discussion below it turned out that, in OP's network, the connection through the tunnel can only be established using the following command:

ssh -p 3000 -l userC localhost

Note that I'm using -l userC instead of userC@.


Now you can use unison like this:

unison directory ssh://userC@localhost:3000/directory
hek2mgl
  • What would the unison command line look like? Something like `unison directory ssh://me_B@localhost directory` ? – Simd Oct 20 '14 at 16:47
  • Let us test it step by step. Can you ssh connect to C from A using the commands I provided? – hek2mgl Oct 20 '14 at 16:50
  • I run ssh -L 3000:C:22 userB@B -N in one window and it asks for the password for B which I enter. I then do ssh -p 3000 userC@localhost from another and I see `channel 2: open failed: administratively prohibited: open failed` in the first window. The second window just shows `ssh_exchange_identification: Connection closed by remote host` – Simd Oct 20 '14 at 17:32
  • Then port forwarding is prohibited by the administrators of `B`. No chance. – hek2mgl Oct 20 '14 at 17:34
  • How come `ssh -t -X -C me_B@B ssh -X me_C@C` works and can I do something similar for unison? – Simd Oct 20 '14 at 17:37
  • I would suggest reporting this problem to your administrators at work. Maybe they will allow forwarding to C if it is helpful. I don't see a chance apart from that. – hek2mgl Oct 20 '14 at 17:40
  • Is there something called a "reverse ssh tunnel" that might work? – Simd Oct 20 '14 at 17:47
  • Can you reach A from C without B? – hek2mgl Oct 20 '14 at 17:50
  • Yes in theory. A is my home computer so you can't actually ssh into it from anywhere as it doesn't run an ssh server. But C has free outgoing access to the Internet. It's just incoming traffic that is blocked. – Simd Oct 20 '14 at 17:56
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/63358/discussion-between-hek2mgl-and-user2179021). – hek2mgl Oct 20 '14 at 17:57
  • I added an update to the question. Maybe nc can help? – Simd Oct 21 '14 at 09:05
  • I worked out why it wasn't working! Something really dim. `ssh -N -f -L 2025:C:22 me_B@B` then `ssh -p 2025 -l me_C localhost` works. If you use me_C@ instead it fails with the error message I gave you. If you could update your answer I will accept it. – Simd Oct 21 '14 at 14:18
  • strange!! I'll add that to my answer – hek2mgl Oct 21 '14 at 20:56
  • Just add that the question is really clear and the current answer works perfectly for me. – hectorpal Jan 09 '16 at 21:19
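
The tunnel-then-sync procedure from the answer above, as an added example that is not part of the original answer or comments: a script that opens the forward on loopback only, runs unison through it, and closes the tunnel again. The names userB@B, userC, C, port 3000 and directory come from the thread; the control-socket path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: sync A -> C through B over a short-lived, loopback-only forward.
# Assumed values (taken from the thread): userB@B, userC, host C, local port 3000.

JUMP="userB@B"          # account on the intermediate host B
TARGET_HOST="C"         # name of C as B resolves it
TARGET_USER="userC"
LPORT=3000
# Control socket in ~/.ssh (assumed path) so the tunnel can be closed cleanly.
CTL="$HOME/.ssh/unison-tunnel-$$.sock"

# Remote root in unison syntax: a single slash after the port means
# "relative to userC's home directory".
remote_root() {
  printf 'ssh://%s@localhost:%s/%s\n' "$TARGET_USER" "$LPORT" "$1"
}

open_tunnel() {
  # 127.0.0.1: only processes on A can use the forwarded port.
  # ExitOnForwardFailure: fail instead of keeping a session without the forward.
  ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes \
      -L "127.0.0.1:${LPORT}:${TARGET_HOST}:22" "$JUMP"
}

close_tunnel() {
  ssh -S "$CTL" -O exit "$JUMP" 2>/dev/null
}

sync_dir() {
  open_tunnel || return 1
  # HostKeyAlias: C's host key is recorded and checked under "C" rather than
  # "localhost", so host key checking stays enabled on the forwarded port.
  unison "$1" "$(remote_root "$1")" -sshargs "-oHostKeyAlias=${TARGET_HOST}"
  rc=$?
  close_tunnel
  return "$rc"
}

# Run only when a directory is given, e.g.: sh sync.sh directory
if [ "$#" -gt 0 ]; then
  sync_dir "$1"
fi
```

The script returns unison's exit status, so a failed sync is still visible after the tunnel has been closed.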