SSH gateway server











Is there any way to set up an SSH gateway server? What I am trying to set up is a way to connect to a specific Linux shell on a LAN remotely from the internet without using port numbers. So, for example, logging in would look like this:

    ssh server1.domain.com

or

    ssh server2.domain.com

instead of ssh domain.com:(portnumber) and having port forwarding map (portnumber) to port 22 of the server's private IP address.

Each server would have a private IP address and share the public IP.

Thank you







linux networking ssh port-forwarding














edited Mar 13 '16 at 21:10 – Jakuje
asked Mar 13 '16 at 21:07 – Lightning77












  • Possible duplicate of SSH - SSH into a host, under a router which you don't have access (can't forward the port)
    – Jarmund
    Mar 13 '16 at 21:49










  • @Lightning77 It can be achieved by an open-source tool called Ezeelogin - ezeelogin.com
    – Harikrishnan
    Mar 5 '17 at 13:54












  • In case someone arrives at this (more esoteric) question, while looking for the more common scenario described here: unix.stackexchange.com/questions/190490/…
    – michael
    Nov 30 at 3:55




























2 Answers

















This is not possible in the way you describe, because ssh does not use any concept of domains and sub-domains (the hostname is not part of the protocol, as it is for HTTP). It uses hostnames only to get the IP address, and that is what is used (and the port, of course). Your concept would only work if you had a list of public IP addresses, which you probably don't have if you are asking this question.

This case is commonly solved using a jumpbox server, where you connect using the public IP and from there you see the local network (possibly with local DNS names). This requires using, for example:

    ssh -t jumpbox ssh anotherhost.localdomain

but it can be simplified using ProxyCommand in the client configuration:

    Host *.localdomain
        ProxyCommand ssh -W %h:%p jumpbox

And then the connection to the distant node is transparent. When you type

    ssh anotherhost.localdomain

it will bring you to the target host over the jumpbox.

















answered Mar 13 '16 at 21:19 – Jakuje








  • The ProxyCommand method is best, because it doesn't expose the plaintext to the jumpbox itself (as the ssh -t method would).
    – grawity
    Mar 13 '16 at 22:04
  • @grawity Thanks. That is a good point. But the middle way is easier to understand for users.
    – Jakuje
    Mar 13 '16 at 22:20
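
The jumpbox approach from the answer above, applied to the host names in the question, as an added example that is not part of the original answer or its comments. The public name gateway.domain.com, the user admin and the 192.168.1.x addresses are assumptions; the config would normally live in ~/.ssh/config so that the inner ssh can resolve the jumpbox alias.

```shell
#!/bin/sh
# Added example (not from the original answers). Assumed values: the public
# name gateway.domain.com, user "admin" and the 192.168.1.x LAN addresses.

# Write a client config that gives every LAN host its own name while all
# traffic enters through the single public address of the gateway.
write_gateway_config() {
    cat > "$1" <<'EOF'
# The only machine reachable from the internet (port 22 forwarded to it).
Host jumpbox
    HostName gateway.domain.com
    User admin

# Names typed on the command line, mapped to private addresses that only
# the jumpbox can reach. They need no public DNS records.
Host server1.domain.com
    HostName 192.168.1.11
Host server2.domain.com
    HostName 192.168.1.12

# Tunnel both through the jumpbox. With -W the jumpbox only relays TCP;
# host key check, authentication and encryption of the session happen
# between this client and the target host.
Host server1.domain.com server2.domain.com
    User admin
    ProxyCommand ssh -W %h:%p jumpbox
EOF
}

# Print the value ssh would use for option $3 when connecting to host $2
# with config file $1. "ssh -G" only evaluates the config; it never connects.
effective_option() {
    ssh -G -F "$1" "$2" |
        awk -v key="$3" '$1 == key { $1 = ""; sub(/^ /, ""); print; exit }'
}

# List the Host patterns in config $1 that are routed through a proxy.
proxied_hosts() {
    awk '
        $1 == "Host"         { hosts = $0; sub(/^Host[ \t]+/, "", hosts) }
        $1 == "ProxyCommand" { print hosts }
    ' "$1"
}

demo() {
    cfg=$(mktemp) || return 1
    write_gateway_config "$cfg"
    echo "proxied: $(proxied_hosts "$cfg")"
    if command -v ssh >/dev/null 2>&1; then
        for h in server1.domain.com server2.domain.com; do
            echo "$h -> $(effective_option "$cfg" "$h" hostname 2>/dev/null)"
        done
    fi
    rm -f "$cfg"
}

demo
```

On OpenSSH 7.3 and later, `ProxyJump jumpbox` can replace the ProxyCommand line with the same effect.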














Below is the command to set up an SSH gateway server:

    $ ssh -L 2222:secureserver:22 user@gateway cat -

Enter the password when prompted (but you should really be using public key authentication, anyway). After this, in another terminal, use this to connect to the secure server:

    $ ssh -p 2222 user2@localhost

That’s it. You can now use ssh, scp, or any other command to directly talk to the secure server through the gateway. You only need to run the first command once and keep it running in a hidden terminal.















edited Nov 30 at 3:22 – Micho
answered Mar 14 '16 at 11:33 – Elizabeth Anderson





























