
Suppose the network is like:

A(192.68.0.1)--------------------B(192.68.0.2)------------------C(192.68.0.3)

A is my ssh server, C is a target ssh server, and I can telnet from A to B (my account is not root).

B is a server that does not allow ssh login from others, but B can log in to C via ssh.

Is it possible to connect to C from A through B via ssh?

ylc
  • Better suited for superuser.com (or maybe serverfault.com) – rene Feb 18 '12 at 11:42
  • You *may* be able to with a telnet session from A->B, then an SSH session from B->A and from B->C and a pipe of some sort, but everything you do will still be transmitted in the clear from A->B, so, why bother? – mkoistinen Feb 18 '12 at 11:51
  • First you take the chicken over in the boat, because the fox won't eat the chicken feed. Then you leave the chicken and come back for the fox. Once you have the fox and the chicken on the other side, you grab the chicken and take him back to the original side of the river. You leave the chicken, but take the chicken feed. Then you use your last trip to come back and get the chicken. – synthesizerpatel Feb 18 '12 at 12:02
  • Because the account on C is important, but I'm not afraid of the account on B being stolen. – ylc Feb 18 '12 at 12:08

2 Answers

If you can run programs on B, you can use something like simpleproxy to forward the TCP connection to C.

Then you SSH from A to some port on B (not 22), which will forward your connection to C. Everything will still be encrypted since the SSH session is A<->C.

cha0site
  • I've tried to figure this out for a while and it worked eventually! It is succinct and there is no need to reveal my account on A! – ylc Feb 18 '12 at 14:04

OK, telnet to B. You can actually ssh to yourself on B; the following command may not work, but try it first:

ssh -L0.0.0.0:2200:192.68.0.3:22 127.0.0.1

... if sshd is not running on B... then ssh to C:

ssh -L0.0.0.0:2200:192.68.0.3:22 192.68.0.3

Do a

netstat -an | grep 2200    # do this on B (192.68.0.2)

If the netstat has 127.0.0.1 listening on 2200 and not 0.0.0.0, this trick won't work... but if it does... you can then connect to ssh on port 2200 on B and it will hit C:

ssh -p 2200 192.68.0.2

I have you ssh to localhost on B because I can't remember the command to not spawn a shell and I'm too lazy to look it up... but if the solution above does not work, you won't be able to redirect ports with ssh without root; you would have to change the config file on B.

You would have to add GatewayPorts yes to the sshd config file in /etc/sshd/conf/sshd_config.

http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch09_02.htm -- this talks all about port forwarding with ssh

Ryan
  • So if I got this it then failed? % netstat -an |grep 2200 and leads to **.2200 *.* 0 0 24576 0 LISTEN – ylc Feb 18 '12 at 12:42
  • I dunno, the *.2200 is kind of confusing... try connecting to 'b' with ssh on that port 2200... – Ryan Feb 18 '12 at 12:49
  • I would think that it is listening correctly, but you don't know until you try :) – Ryan Feb 18 '12 at 12:49
  • When I ssh to b on 2200 it says: channel 2: open failed: administratively prohibited: open failed – ylc Feb 18 '12 at 13:01
  • You have the other ssh connection open with the -L command? If so, then you will probably have to come up with an alternate solution. The administratively prohibited means you got a reset (the port is not open) – Ryan Feb 18 '12 at 13:03