Super User Asked by Vahagn Tumanyan on December 22, 2020
Let’s say there are 3 computers A B and C. B and C are remote computers but in the same local network.
I SSH into computer B from computer A. Is it now possible to ssh into C from B?
It is entirely possible. Not only that but there are ways to automate this process within SSH (more then 1 in fact).
Many "secure" systems use this approach where server C only trust server B, and everyone needs to SSH through it. The name for this kind of host is called a bastion.
You can also set up B to authenticate and forward a connection to C without even getting a shell on B - either by using SSH forwarding or by having SSHon B recognise the log in and immediately log in to C.
Correct answer by davidgo on December 22, 2020
Yes, this is not only possible but also quite common, and therefore a supported use case; the correct search terms for this are bastion host, jump host, or ssh proxy.
ProxyJump
option of ssh
, specified with the -J
flag, which will establish a connection to hostC through hostB:
# on host A
ssh -J userB@hostB userC@hostC
ProxyCommand
option, which can use any command to connect to the target host using stdin/stdout of the command:
ssh -o ProxyCommand "ssh userB@hostB -W %h:%p" userC@hostC
This will first start a second ssh
client connecting to hostB and -W
will connect its stdin/stdout to hostC [%h
] on the ssh port [%p
]..ssh/config
, allowing you to connect with just ssh hostC
:
Host hostC
User userC
ProxyJump userB@HostB
# alternatively using ProxyCommand:
#ProxyCommand ssh -W %h:%p userB@hostB
If for some reason both ProxyJump
and ProxyCommand
/ssh -W %h:%p
are not available to you, you could setup tunneled port forwarding yourself:
# start a ssh process in the background to forward
# from localhost (host A) port 2222 to port 22 on hostC from hostB
ssh -f -N -L localhost:2222:hostC:22 userB@hostB
# connect to localhost:2222 which is tunneled to hostC:22
ssh -p 2222 userC@localhost
Answered by acran on December 22, 2020
Well, if system B can reach system C via tcp port 22 and there is an SSH daemon running on C where you have a valid user for - yes!
Answered by fratester on December 22, 2020
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP