
SSH Port Forwarding Using a Jump Host

Unix & Linux Asked by Mike Slinn on January 27, 2021

I am trying to figure out how to get a jump host to work with AWS Cloud9. Below is a diagram taken from the blog post (on my staging server) where I am writing on the subject. Please refer to the blog post (just under 3000 words) for the entire scenario.

[diagram omitted]

Here is the 4-party initialization sequence performed by an administrator using the client (laptop):

  1. The administrator logs into the target server ($C9_TARGET_HOST) using a (command line) terminal, and leaves the terminal open.
  2. The administrator logs into the jump host ($C9_JUMP_HOST) using a second (command line) terminal, and leaves the terminal open.
  3. An administrator opens a port ($C9_JUMP_PORT) on the jump host
    to accept ssh connections from AWS Cloud9.
  4. The administrator points a web browser at the
    Cloud9 web console
    to begin defining a Cloud9 environment.
  5. Once the administrator reaches the web page
    where the Cloud9 ssh key is available, they copy it to the clipboard.
  6. The administrator uses the open terminal connected to the target server to:
      - Add the Cloud9 ssh key to ~/.ssh/authorized_hosts.
      - Add a new host block to ~/.ssh/config that makes it easier to define a reverse ssh port forwarding tunnel from
        the target server to the jump host.

  7. The administrator uses the open terminal connected to the jump host to:
      - Add the Cloud9 ssh key to ~/.ssh/authorized_hosts.
      - Add a new host block to ~/.ssh/config that makes it easier to forward ssh commands
        from Cloud9 to the target server.

  8. The administrator defines a reverse ssh port forwarding tunnel from the target server to the jump host,
    which means that the jump host will connect back to the target server via the tunnel and forward ssh
    commands when a connection is made to the specified port ($C9_JUMP_PORT) on the jump host.

    ssh -fNR $C9_JUMP_HOST:$C9_JUMP_PORT:localhost:22 $C9_JUMP_USER@$C9_JUMP_HOST

    I wonder if the `-T` option might be helpful?
    Should `nohup` be used?

  9. The administrator creates a reverse port forwarded tunnel using the definition they just created.
    nohup is used when creating the tunnel so it remains in place once the administrator logs off.
  10. After defining the jump host in the Cloud9 web console, the administrator presses the
    Next step button.
  11. Cloud9 attempts to reach the jump host.
  12. Cloud9 attempts to reach the target server via the jump host.
  13. If successful, Cloud9 advances the administrator’s web page to the next step.
  14. The administrator clicks on each Next step button that appears until the Cloud9 environment is defined.

I would be happy to provide credit in the blog posting to whomever might provide the solution.

One Answer

So what you want to do is to establish a reverse tunnel from the Target (private server) to the Jump Host (public server) so that you could establish a connection from AWS to Target, correct?

In that case, the reverse tunnel has to be built from the Target, so there you could invoke something like

ssh -f -N -R $JUMPER:$PORT:localhost:22 $USER@$JUMPER

Maybe you also want to try out "autossh" instead of "ssh", to keep your reverse tunnel open. The command uses an additional parameter for a monitor port:

autossh -M $MONITORPORT -f -N -R $JUMPER:$PORT:localhost:22 $USER@$JUMPER

If you use only the part $PORT:localhost:22, you have to go to the target in two steps:

  1. From AWS ssh to the Jump Server
  2. From the Jump Server ssh to localhost:$PORT to use the reverse tunnel.

Hope that helps, Georg

Answered by Georg Mach on January 27, 2021
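As an added example (not code from the question, the answer, or AWS), the script below renders the two ~/.ssh/config host blocks the question describes in steps 6 and 7, prints the reverse-tunnel invocation from step 8 in the -f -N -R form the answer suggests, and checks the point the answer raises about where the forwarded port ends up bound on the jump host. The host names, user names, the port number, the Host aliases c9-tunnel and c9-target, and the sample `ss -ltn` listings are all constructed placeholders.

```shell
#!/bin/sh
# Added example; not code from the question, the answer, or AWS Cloud9 docs.
# All host/user/port values below are constructed placeholders (override via env).
C9_JUMP_HOST="${C9_JUMP_HOST:-jump.example.com}"
C9_JUMP_USER="${C9_JUMP_USER:-jumpuser}"
C9_JUMP_PORT="${C9_JUMP_PORT:-2222}"
C9_TARGET_USER="${C9_TARGET_USER:-targetuser}"

# Step 6: host block for the TARGET server's ~/.ssh/config.  "RemoteForward PORT
# localhost:22" asks the jump host's sshd to listen on PORT and hand each
# connection back through the tunnel to the target's own sshd.  With no bind
# address the listener stays on the jump host's loopback interface (sshd's
# GatewayPorts default), so it is reachable from the jump host itself but not
# from the Internet; that is enough when the target is reached via the jump host.
render_target_config() {
  cat <<EOF
Host c9-tunnel
    HostName $C9_JUMP_HOST
    User $C9_JUMP_USER
    RemoteForward $C9_JUMP_PORT localhost:22
    ExitOnForwardFailure yes
    ServerAliveInterval 30
    ServerAliveCountMax 3
EOF
}

# Step 7: host block for the JUMP host's ~/.ssh/config, so that "ssh c9-target"
# run on the jump host (by Cloud9 or by the administrator) enters the tunnel.
render_jump_config() {
  cat <<EOF
Host c9-target
    HostName localhost
    Port $C9_JUMP_PORT
    User $C9_TARGET_USER
EOF
}

# Step 8: the command the administrator runs on the target.  -f backgrounds ssh
# after authentication and -N requests no remote command; ExitOnForwardFailure
# in the config makes ssh exit non-zero instead of lingering when the port is
# already taken on the jump host.
tunnel_command() {
  printf 'ssh -f -N c9-tunnel\n'
}

# Check on the jump host: feed "ss -ltn" output on stdin.  Returns 0 only when
# PORT has at least one listener and every listener is on a loopback address.
# A listener on 0.0.0.0 or [::] means the tunnel is exposed beyond the jump host.
tunnel_is_loopback_only() {
  awk -v p="$1" '
    $1 == "LISTEN" {
      n = split($4, a, ":"); if (a[n] != p) next
      found = 1
      addr = $4; sub(":" p "$", "", addr)
      if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
    }
    END { exit (found && !exposed) ? 0 : 1 }'
}

# Constructed sample listings in the shape "ss -ltn" prints, used by the demo.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    127.0.0.1:2222      0.0.0.0:*'
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:2222        0.0.0.0:*'

# Usage: sh this_script.sh demo
if [ "${1:-}" = "demo" ]; then
  render_target_config; echo; render_jump_config; echo; tunnel_command
  if printf '%s\n' "$SAMPLE_LOOPBACK" | tunnel_is_loopback_only "$C9_JUMP_PORT"; then
    echo "tunnel bound to loopback only: OK"
  fi
  if ! printf '%s\n' "$SAMPLE_EXPOSED" | tunnel_is_loopback_only "$C9_JUMP_PORT"; then
    echo "tunnel listener exposed beyond loopback: check GatewayPorts on the jump host"
  fi
fi
```

Run the check against the real `ss -ltn` output on the jump host after the tunnel is up; if the port is bound on 0.0.0.0 rather than 127.0.0.1, sshd's GatewayPorts setting has put the target's port 22 on the jump host's public interface, which is wider exposure than the Cloud9 workflow needs.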
