Multiple SSH Tunnel Access

I have a bit of a mess I'm trying to accomplish. I'll lay out my setup first:

Home Machine: Dynamic IP, SSH Tunnel to Web Server #1 (active at all times)

Web Server #1: Static IP, SSH Tunnel to Web Server #2 (active when connection received from Workstation Office)

Workstation Office: Behind a scary government firewall (I work for the government).

So, to clarify, I want to SSH from Workstation Office to Web Server #2, which should then activate an SSH tunnel to Web Server #1 and forward me to that machine, and in doing so forward me to Home Machine.

It's a very complicated setup and I am willing to simplify. However, I do NOT have access to the router at my home location (not my permanent residence), so I cannot configure a dyndns account (the reason for the SSH tunnel).

Any ideas?

Yes, the webservers are Linodes and unfortunately, I can't divulge the reason for the hop between the two webservers. Sorry about that.

16 Replies

I'm not sure it's safe for us to help you tunnel out of a big, creepy organisation like the National Securit&^$3#.0(* NO CARRIER

@pclissold:

> I'm not sure it's safe for us to help you tunnel out of a big, creepy organisation like the National Securit&^$3#.0(* NO CARRIER

See, you brought that on yourself. Now I have to come up with some excuse to 'deal' with your family…. :evil:

Just my $.02, but I don't think scary government firewalls are the best place for you to learn…

@Stever:

> Just my $.02, but I don't think scary government firewalls are the best place for you to learn…

I'll certainly take that under advisement but that's not my question.

@nsajeff:

> Any ideas?

I only saw one question, and I think my answer is appropriate ;)

You don't actually say which part of your setup you have a problem with, or what you want to be able to access on the Home Machine, so all I could comment on was that I thought it was a bad idea :>

I'll simplify this I suppose. How feasible is it to accomplish a tunneled SSH connection/SSH forwarding to access a /home partition on my home machine from my workstation using the 2 web servers as hops/forwards?

I think if you can get out of your scary firewall, then it is just a matter of repeating the same ssh tunnel to your second webserver. The connection from home may be tricky if it is not 100% reliable - then you'll need a script to reconnect as needed. If it were me, I would use OpenVPN from home to webserver since it will automatically reconnect whenever the ip changes or the connection times out.

@Stever:

> I think if you can get out of your scary firewall, then it is just a matter of repeating the same ssh tunnel to your second webserver. The connection from home may be tricky if it is not 100% reliable - then you'll need a script to reconnect as needed. If it were me, I would use OpenVPN from home to webserver since it will automatically reconnect whenever the ip changes or the connection times out.

Interesting idea. I'll try OpenVPN with a script to maintain the connection. I'm curious though, once I get from my workstation to Server #1, how would I access my home machine?

P.S. I'm through the work firewall…helps when you control it I suppose… :evil:

> I'm curious though, once I get from my workstation to Server #1, how would I access my home machine?

With OpenVPN, you set up a whole new subnet with (fixed) private IPs, like 192.168.25.1. So your home machine now has a fixed IP, and you just SSH (or whatever) to it. IMO, OpenVPN really is the right solution for this, and BTW, you don't have to script to keep the link up, OpenVPN takes care of it.

If you set up Web Server 1 as an OpenVPN server, then both your Home Machine and Workstation Office can connect to it and share a private IP space as SteveG mentioned. If you really need the connection from work to be ssh and you must have the extra hop, then set up an ssh tunnel from work to Server 2 for the OpenVPN port.

Now, you'll have ssh traffic from work to server 2, and OpenVPN traffic between home, server 1, and server 2.

If you must have ssh between server 1 and server 2, another ssh tunnel is as simple as the first one.

In either case, with this setup you would have full network connectivity between work and home computers.

Very neat stuff. I'll start tinkering with that immediately. Should be quite the challenge. Thanks again everyone.

Has the NSA been infiltrated by a double-agent, attempting to use Linode to get classified data out of the building??

Hamachi worked great for me in the past, but I can't get it to work on the Linode CentOS distros.

You can chain multiple tunnel commands into one SSH command. I think that's what you're asking, anyway.

I do:

autossh -f -M 6969 -L 2222:host1:22 -D 8000 host2 -N

That gives me an SSH relay to host1 via host2 and an SSH SOCKS proxy via host2. Autossh will re-start the tunnel to host2 if it goes down.

Also, check out openvpn.

All that said, you probably signed something that says they can fire you if you circumvent their network access controls, and they probably watch what you SSH to (the connection is encrypted, but they can still see where your endpoint is), so don't do anything silly.

If it's the NSA, I wouldn't be surprised if they could decrypt the SSH data in near-real time. Of course, the amount of processing power they'd dedicate to it would probably ensure we never heard from nsajeff again… That could be processor time we're using to listen to terrorists.
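A concrete version of the multi-hop layout the replies above describe (Workstation → Server #2 → Server #1 → Home Machine, with the home machine's dynamic IP handled by a reverse tunnel it keeps open itself), written as an added example that is not code posted by anyone in this thread. It assumes placeholder hostnames server1.example and server2.example for the two Linodes, a placeholder login name, a reverse tunnel listening on port 2222 of Server #1, and OpenSSH 7.3 or later on the workstation for ProxyJump.

```ssh_config
# Added example: ~/.ssh/config on the Office Workstation.
# Placeholder names: server2.example (Web Server #2), server1.example
# (Web Server #1), login name "user". The Home Machine has no fixed
# address, so it is reached through a reverse tunnel that it keeps up
# itself. The command below runs on the Home Machine; autossh restarts
# it whenever the connection drops or the home IP changes:
#
#   autossh -M 0 -f -N -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
#       -R 2222:localhost:22 server1.example
#
# "-R 2222" binds to loopback on server1 only (GatewayPorts defaults to
# "no"), so the forwarded port is not reachable from outside server1.

Host server2
    HostName server2.example
    User user                         # assumed login name
    IdentityFile ~/.ssh/id_ed25519

Host server1
    HostName server1.example
    User user
    IdentityFile ~/.ssh/id_ed25519
    ProxyJump server2                 # first hop: office -> server2 -> server1

Host home
    HostName localhost                # loopback end of the reverse tunnel on server1
    Port 2222
    User user
    IdentityFile ~/.ssh/id_ed25519
    ProxyJump server1                 # second hop: server2 -> server1 -> (tunnel) -> home
    HostKeyAlias home-machine         # keep the home host key distinct from other localhost:2222 entries
```

With this in place, `ssh home` opens a shell on the home machine and `sftp home` (or `sshfs home:/home ~/homedir`) gives access to the /home partition the question asks about. ProxyJump only uses the intermediate hosts to relay TCP; the SSH session itself is negotiated end to end with the home machine, so the jump hosts never see the session plaintext or the private key. On Server #1, the key the home machine uses for the reverse tunnel should be restricted in authorized_keys so it can do nothing but open that one listener, for example `restrict,permitlisten="2222" ssh-ed25519 AAAA... home-tunnel` (permitlisten requires OpenSSH 7.8 or later); that way a compromise of the home box yields no shell or extra forwarding on the relay.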
