Sunday 31 July 2016

Use SSH/SCP to access a remote server through an intermediate server using tunneling & port forwarding

I know the title of the post is long, but I wanted it to be accurate.
So, I have a situation wherein there are 3 servers: serverA, serverB & serverC.
ServerA & serverC can both connect to serverB, but not to each other.
But we need to access serverC from serverA, or copy a file from serverC to serverA.

We can accomplish this using ssh tunneling & port forwarding.

To get the setup in place, the following 2 directives must be set to yes in the /etc/ssh/sshd_config file:

  • AllowTcpForwarding (Specifies whether TCP forwarding is permitted. The available options are “yes” or “all” to allow TCP forwarding, “no” to prevent all TCP forwarding, “local” to allow local forwarding only or “remote” to allow remote forwarding only.)
  • GatewayPorts (Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be “no” to force remote port forwardings to be available to the local host only, “yes” to force remote port forwardings to bind to the wildcard address, or “clientspecified” to allow the client to select the address to which the forwarding is bound. The default is “no”.)
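As an added example (mine, not from the original post), here is a small POSIX shell helper that reads a directive out of sshd_config text the way sshd itself does: keyword matching is case-insensitive, comments are skipped, and when a keyword appears more than once the first value wins, so a hardening line appended at the end of the file does nothing if an earlier line already set the directive. The sample config is constructed. One caveat worth knowing: for the -L style forwarding used in this post, the directive that actually gates the tunnel is AllowTcpForwarding on the intermediate server (serverB); GatewayPorts only governs which address remote (-R) forwardings bind to.

```shell
#!/bin/sh
# Added example: read the effective value of an sshd_config directive the way
# sshd does (case-insensitive keyword, comments ignored, first value wins).

# sshd_directive <keyword> <config-text>
# Prints the first value given for <keyword>, or nothing if it is not set.
sshd_directive() {
    key=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf '%s\n' "$2" | awk -v key="$key" '
        /^[[:space:]]*(#|$)/ { next }              # skip comments and blank lines
        { k = tolower($1); v = $2 }
        k == key && !found { print v; found = 1 } # first occurrence wins
    '
}

# check_forwarding <config-text>
# Returns 0 when local TCP forwarding is permitted on this sshd.
check_forwarding() {
    case "$(sshd_directive AllowTcpForwarding "$1")" in
        yes|all|local) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample config (not a real host's file). The trailing
# "AllowTcpForwarding no" looks like a hardening change, but sshd ignores it
# because an earlier line already set the directive.
SAMPLE_CONFIG='# /etc/ssh/sshd_config (constructed sample)
Port 22
allowtcpforwarding yes
GatewayPorts no
AllowTcpForwarding no
'

if check_forwarding "$SAMPLE_CONFIG"; then
    echo "AllowTcpForwarding is effectively: $(sshd_directive AllowTcpForwarding "$SAMPLE_CONFIG")"
else
    echo "TCP forwarding is disabled in this configuration"
fi
```

On a live host, `sshd -T` (run as root, since it needs the host keys) prints the effective configuration, so `sshd -T | grep -i allowtcpforwarding` is the quickest check; the parser above is for when you only have a copy of the file.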

On the source server, i.e. serverA in our case, run the following command:

ssh -L <local port>:serverC:22 serverB

The above command will establish a tunnel from serverA to serverC through serverB.
So, now if you want to connect to serverC from serverA type:

ssh localhost -p <local port>

If you want to copy a file from serverC to serverA type:

scp -P <local port> localhost:/path/to/file /path/to/save/file

Here is a cool demonstration on 3 CentOS 7 machines:

From my source machine I create a tunnel to 192.168.44.131 via 192.168.44.132 using port forwarding at my local port 9191:


Now with the above command we are logged in to 192.168.44.132 & the tunnel has been established.

To check if port forwarding is working, look for port 9191 in the netstat output:


We can infer from the above output that the ssh service is listening on the local port 9191.

Now, to connect to 192.168.44.131 which is our serverC in this example:


That's it & we're logged in!

To test the scp transfer through the tunnel, let's copy a file:


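To tie the commands above and the netstat check together, here is an added shell example (mine, not part of the post) that builds the tunnel and scp commands for placeholder hostnames and then parses `ss -ltn` or `netstat -tln` output to confirm the forwarded port is listening on loopback only. Two choices differ from the post's command: -N is added so the session only carries the forward instead of also opening a shell on serverB, and the bind address 127.0.0.1 is written out explicitly, because a forward bound to a wildcard address would let any host that can reach serverA use the tunnel into serverC. The sample listener output is constructed, and rejecting ports below 1024 is my own restriction.

```shell
#!/bin/sh
# Added example: build the ssh -L / scp commands for the serverA -> serverB ->
# serverC hop and verify that the local forward is bound to loopback only.

# valid_port <n>: 0 if n is a numeric, unprivileged TCP port (choice: >= 1024)
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    if [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]; then return 0; fi
    return 1
}

# tunnel_cmd <local port> <serverC> <serverB>
# -N: no remote shell, the session exists only to carry the forward.
# 127.0.0.1 is spelled out so the listener is never a wildcard bind.
tunnel_cmd() {
    valid_port "$1" || return 1
    printf 'ssh -N -L 127.0.0.1:%s:%s:22 %s\n' "$1" "$2" "$3"
}

# scp_cmd <local port> <remote path on serverC> <local destination>
scp_cmd() {
    valid_port "$1" || return 1
    printf 'scp -P %s localhost:%s %s\n' "$1" "$2" "$3"
}

# forward_is_loopback <port> <ss -ltn or netstat -tln output>
# Returns 0 only when <port> is in LISTEN state on 127.0.0.1 or [::1] and is
# NOT also listening on any non-loopback address. Both tools put the local
# address in field 4; the state word "LISTEN" is found wherever it appears.
forward_is_loopback() {
    printf '%s\n' "$2" | awk -v port="$1" '
        {
            listening = 0
            for (i = 1; i <= NF; i++) if ($i == "LISTEN") listening = 1
            if (!listening) next
            p = $4; sub(/.*:/, "", p)        # port is after the last colon
            a = $4; sub(/:[^:]*$/, "", a)    # address is everything before it
            if (p != port) next
            if (a == "127.0.0.1" || a == "[::1]") loop = 1; else other = 1
        }
        END { exit !(loop && !other) }
    '
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9191     0.0.0.0:*
LISTEN 0      128    [::1]:9191         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# What the same port looks like if the forward were bound to all interfaces.
SAMPLE_EXPOSED='LISTEN 0      128    0.0.0.0:9191       0.0.0.0:*'

echo "Tunnel:   $(tunnel_cmd 9191 serverC serverB)"
echo "Copy:     $(scp_cmd 9191 /path/to/file /path/to/save/file)"
if forward_is_loopback 9191 "$SAMPLE_SS"; then
    echo "Port 9191 is forwarded and bound to loopback only"
fi
if ! forward_is_loopback 9191 "$SAMPLE_EXPOSED"; then
    echo "Port 9191 is reachable from other hosts: fix the -L bind address"
fi
```

On a real serverA, replace the sample text with `$(ss -ltn)` or `$(netstat -tln)` after the tunnel is up. One more caveat on the "ssh localhost -p 9191" step: the known_hosts entry is stored as [localhost]:9191, so reusing the same local port for a different destination later produces a host key mismatch warning; on OpenSSH 7.3 and later, `ssh -J serverB serverC` does the same hop without a manual forward and records serverC's key under its own name.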