Super User Asked by Luis Decker on November 28, 2020
I have the following problem: I need to access a local webserver from a bunch of machines (let’s say PC-01, PC-02 … , PC-XX) that I can only access over a ssh bridge (PC-SSH).
I solved the ssh problem of connecting to this various machines by adding a rule on my sshconfig file:
Host PC-*
IdentityFile ~/.ssh/id_rsa
User username
ProxyJump PC-SSH
With this I can just ssh PC-X
withouth any (manual) jumps.
Currently, to access the pages on PC-XX, I need to do a ssh -L port:PC-XX:port PC-SSH
, but I need to do this manually to every PC-XX and to every port.
What I want is to be able to simply go to my browser and go to some url like PC-05:4040
and access the page on this machine on this port. Is this possible?
Thank you all for your attention!
One way to do this is with a proxy auto-config (PAC) file and a SOCKS proxy.
You would then set up the forwarding in your ~/.ssh/config
file to forward all requests on some local port through a SOCKS tunnel to the remote machine, and have the PAC file route requests matching the host name through that tunnel.
For example, a PAC file with content:
function FindProxyForURL(url, host) {
alert("url" + url);
if (shExpMatch(url,"*myhostname*")) {
alert("Using special tunnel");
return "SOCKS5 127.0.0.1:9999";
}
// All other requests go directly to the WWW:
return "DIRECT";
}
coupled with an entry in your ~/.ssh/config
file such as:
Host PH-*
IdentityFile ~/.ssh/id_rsa
User username
ProxyJump PC-SSH
DynamicForward 9999
when you execute ssh -Nf PH-05
would open local port 9999
and forward all local traffic on that port through your ssh
tunnel to PH-05
. The options -Nf
puts the process into the background, but the config file will open this forward for any ssh
connection to PH-*
, so you may prefer to create a specific alias for just the tunnel, e.g., PH-05-tunnel
, and only have the DynamicForward
included there. Alternatively, if PH-SSH
can access PH-05:4040
, then you could just create a PH-SSH-tunnel
rule, and set the hostname to PH-SSH
, eliminating the ProxyJump
part.
Then, depending on your setup (firefox
has proxy settings in the browser, chrome
/chromium
use system proxy settings) you tell your proxy manager to use the PAC file and then you can point your browser to, e.g., PH-05:4040
and your browser should render this page.
Answered by einfeyn496 on November 28, 2020
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP