SSH gateway server











up vote
6
down vote

favorite
1












Is there anyway to set up a ssh gateway server? What I am trying to setup is a way to connect to a specific linux shell on a Lan remotely from the internet without using port numbers. So for example login on would look like this



ssh server1.domain.com 


or



ssh server2.domain.com 


instead of
ssh domain.com:(portnumber) and having port forwarding map (portnumber) to port 22 of the servers private IP address



Each server would have a private IP address and share the public IP.



Thank You










share|improve this question
























  • Possible duplicate of SSH - SSH into a host, under a router which you don't have access (can't forward the port)
    – Jarmund
    Mar 13 '16 at 21:49










  • @Lightning77 It can be achieved by an open-source tool called Ezeelogin - ezeelogin.com
    – Harikrishnan
    Mar 5 '17 at 13:54












  • In case someone arrives at this (more esoteric) question, while looking for the more common scenario described here: unix.stackexchange.com/questions/190490/…
    – michael
    Nov 30 at 3:55















up vote
6
down vote

favorite
1












Is there anyway to set up a ssh gateway server? What I am trying to setup is a way to connect to a specific linux shell on a Lan remotely from the internet without using port numbers. So for example login on would look like this



ssh server1.domain.com 


or



ssh server2.domain.com 


instead of
ssh domain.com:(portnumber) and having port forwarding map (portnumber) to port 22 of the servers private IP address



Each server would have a private IP address and share the public IP.



Thank You










share|improve this question
























  • Possible duplicate of SSH - SSH into a host, under a router which you don't have access (can't forward the port)
    – Jarmund
    Mar 13 '16 at 21:49










  • @Lightning77 It can be achieved by an open-source tool called Ezeelogin - ezeelogin.com
    – Harikrishnan
    Mar 5 '17 at 13:54












  • In case someone arrives at this (more esoteric) question, while looking for the more common scenario described here: unix.stackexchange.com/questions/190490/…
    – michael
    Nov 30 at 3:55













up vote
6
down vote

favorite
1









up vote
6
down vote

favorite
1






1





Is there anyway to set up a ssh gateway server? What I am trying to setup is a way to connect to a specific linux shell on a Lan remotely from the internet without using port numbers. So for example login on would look like this



ssh server1.domain.com 


or



ssh server2.domain.com 


instead of
ssh domain.com:(portnumber) and having port forwarding map (portnumber) to port 22 of the servers private IP address



Each server would have a private IP address and share the public IP.



Thank You










share|improve this question















Is there anyway to set up a ssh gateway server? What I am trying to setup is a way to connect to a specific linux shell on a Lan remotely from the internet without using port numbers. So for example login on would look like this



ssh server1.domain.com 


or



ssh server2.domain.com 


instead of
ssh domain.com:(portnumber) and having port forwarding map (portnumber) to port 22 of the servers private IP address



Each server would have a private IP address and share the public IP.



Thank You







linux networking ssh port-forwarding






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 13 '16 at 21:10









Jakuje

7,10251828




7,10251828










asked Mar 13 '16 at 21:07









Lightning77

1681418




1681418












  • Possible duplicate of SSH - SSH into a host, under a router which you don't have access (can't forward the port)
    – Jarmund
    Mar 13 '16 at 21:49










  • @Lightning77 It can be achieved by an open-source tool called Ezeelogin - ezeelogin.com
    – Harikrishnan
    Mar 5 '17 at 13:54












  • In case someone arrives at this (more esoteric) question, while looking for the more common scenario described here: unix.stackexchange.com/questions/190490/…
    – michael
    Nov 30 at 3:55


















  • Possible duplicate of SSH - SSH into a host, under a router which you don't have access (can't forward the port)
    – Jarmund
    Mar 13 '16 at 21:49










  • @Lightning77 It can be achieved by an open-source tool called Ezeelogin - ezeelogin.com
    – Harikrishnan
    Mar 5 '17 at 13:54












  • In case someone arrives at this (more esoteric) question, while looking for the more common scenario described here: unix.stackexchange.com/questions/190490/…
    – michael
    Nov 30 at 3:55
















Possible duplicate of SSH - SSH into a host, under a router which you don't have access (can't forward the port)
– Jarmund
Mar 13 '16 at 21:49




Possible duplicate of SSH - SSH into a host, under a router which you don't have access (can't forward the port)
– Jarmund
Mar 13 '16 at 21:49












@Lightning77 It can be achieved by an open-source tool called Ezeelogin - ezeelogin.com
– Harikrishnan
Mar 5 '17 at 13:54






@Lightning77 It can be achieved by an open-source tool called Ezeelogin - ezeelogin.com
– Harikrishnan
Mar 5 '17 at 13:54














In case someone arrives at this (more esoteric) question, while looking for the more common scenario described here: unix.stackexchange.com/questions/190490/…
– michael
Nov 30 at 3:55




In case someone arrives at this (more esoteric) question, while looking for the more common scenario described here: unix.stackexchange.com/questions/190490/…
– michael
Nov 30 at 3:55










2 Answers
2






active

oldest

votes

















up vote
5
down vote













This is not possible in your described way, because ssh does not use any concept of domains and sub-domains (hostname is not part of protocol, as it is for HTTP). It is using hostnames only to get IP address and it is used (and port of course). Your concept would only work if you would have list of public IP addresses, which you probably don't have when you ask this question.



This case is commonly solved using jumpbox server, where you connect using public IP and from there you see local network (with possibly local DNS names). This requires to use, for example:



ssh -t jumpbox ssh anotherhost.localdomain


but it can be simplified using ProxyCommand in client configuration:



Host *.localdomain
ProxyCommand ssh -W %h:%p jumpbox


And then the connection to distant node is transparent. When you type



ssh anotherhost.localdomain


it will bring you to the target host over the jumpbox.






share|improve this answer

















  • 1




    The ProxyCommand method is best, because it doesn't expose the plaintext to the jumpbox itself (as the ssh -t method would).
    – grawity
    Mar 13 '16 at 22:04










  • @grawity Thanks. That is good point. But the middle way is easier to understand for users.
    – Jakuje
    Mar 13 '16 at 22:20


















up vote
1
down vote













Below is the command to setup an SSH gateway server:



$ ssh -L 2222:secureserver:22 user@gateway cat -


Enter the password when prompted (but you should really be using public key authentication, anyway). After this, in another terminal, use this to connect to the secure server.



$ ssh -p 2222 user2@localhost


That’s it. You can now use ssh, scp, or any other command to directly talk to the secure server through the gateway. You only need to run the first command once and keep it running in a hidden terminal.






share|improve this answer























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1052394%2fssh-gateway-server%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    5
    down vote













    This is not possible in your described way, because ssh does not use any concept of domains and sub-domains (hostname is not part of protocol, as it is for HTTP). It is using hostnames only to get IP address and it is used (and port of course). Your concept would only work if you would have list of public IP addresses, which you probably don't have when you ask this question.



    This case is commonly solved using jumpbox server, where you connect using public IP and from there you see local network (with possibly local DNS names). This requires to use, for example:



    ssh -t jumpbox ssh anotherhost.localdomain


    but it can be simplified using ProxyCommand in client configuration:



    Host *.localdomain
    ProxyCommand ssh -W %h:%p jumpbox


    And then the connection to distant node is transparent. When you type



    ssh anotherhost.localdomain


    it will bring you to the target host over the jumpbox.






    share|improve this answer

















    • 1




      The ProxyCommand method is best, because it doesn't expose the plaintext to the jumpbox itself (as the ssh -t method would).
      – grawity
      Mar 13 '16 at 22:04










    • @grawity Thanks. That is good point. But the middle way is easier to understand for users.
      – Jakuje
      Mar 13 '16 at 22:20















    up vote
    5
    down vote













    This is not possible in your described way, because ssh does not use any concept of domains and sub-domains (hostname is not part of protocol, as it is for HTTP). It is using hostnames only to get IP address and it is used (and port of course). Your concept would only work if you would have list of public IP addresses, which you probably don't have when you ask this question.



    This case is commonly solved using jumpbox server, where you connect using public IP and from there you see local network (with possibly local DNS names). This requires to use, for example:



    ssh -t jumpbox ssh anotherhost.localdomain


    but it can be simplified using ProxyCommand in client configuration:



    Host *.localdomain
    ProxyCommand ssh -W %h:%p jumpbox


    And then the connection to distant node is transparent. When you type



    ssh anotherhost.localdomain


    it will bring you to the target host over the jumpbox.






    share|improve this answer

















    • 1




      The ProxyCommand method is best, because it doesn't expose the plaintext to the jumpbox itself (as the ssh -t method would).
      – grawity
      Mar 13 '16 at 22:04










    • @grawity Thanks. That is good point. But the middle way is easier to understand for users.
      – Jakuje
      Mar 13 '16 at 22:20













    up vote
    5
    down vote










    up vote
    5
    down vote









    This is not possible in your described way, because ssh does not use any concept of domains and sub-domains (hostname is not part of protocol, as it is for HTTP). It is using hostnames only to get IP address and it is used (and port of course). Your concept would only work if you would have list of public IP addresses, which you probably don't have when you ask this question.



    This case is commonly solved using jumpbox server, where you connect using public IP and from there you see local network (with possibly local DNS names). This requires to use, for example:



    ssh -t jumpbox ssh anotherhost.localdomain


    but it can be simplified using ProxyCommand in client configuration:



    Host *.localdomain
    ProxyCommand ssh -W %h:%p jumpbox


    And then the connection to distant node is transparent. When you type



    ssh anotherhost.localdomain


    it will bring you to the target host over the jumpbox.






    share|improve this answer












    This is not possible in your described way, because ssh does not use any concept of domains and sub-domains (hostname is not part of protocol, as it is for HTTP). It is using hostnames only to get IP address and it is used (and port of course). Your concept would only work if you would have list of public IP addresses, which you probably don't have when you ask this question.



    This case is commonly solved using jumpbox server, where you connect using public IP and from there you see local network (with possibly local DNS names). This requires to use, for example:



    ssh -t jumpbox ssh anotherhost.localdomain


    but it can be simplified using ProxyCommand in client configuration:



    Host *.localdomain
    ProxyCommand ssh -W %h:%p jumpbox


    And then the connection to distant node is transparent. When you type



    ssh anotherhost.localdomain


    it will bring you to the target host over the jumpbox.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Mar 13 '16 at 21:19









    Jakuje

    7,10251828




    7,10251828








    • 1




      The ProxyCommand method is best, because it doesn't expose the plaintext to the jumpbox itself (as the ssh -t method would).
      – grawity
      Mar 13 '16 at 22:04










    • @grawity Thanks. That is good point. But the middle way is easier to understand for users.
      – Jakuje
      Mar 13 '16 at 22:20














    • 1




      The ProxyCommand method is best, because it doesn't expose the plaintext to the jumpbox itself (as the ssh -t method would).
      – grawity
      Mar 13 '16 at 22:04










    • @grawity Thanks. That is good point. But the middle way is easier to understand for users.
      – Jakuje
      Mar 13 '16 at 22:20








    1




    1




    The ProxyCommand method is best, because it doesn't expose the plaintext to the jumpbox itself (as the ssh -t method would).
    – grawity
    Mar 13 '16 at 22:04




    The ProxyCommand method is best, because it doesn't expose the plaintext to the jumpbox itself (as the ssh -t method would).
    – grawity
    Mar 13 '16 at 22:04












    @grawity Thanks. That is good point. But the middle way is easier to understand for users.
    – Jakuje
    Mar 13 '16 at 22:20




    @grawity Thanks. That is good point. But the middle way is easier to understand for users.
    – Jakuje
    Mar 13 '16 at 22:20












    up vote
    1
    down vote













    Below is the command to setup an SSH gateway server:



    $ ssh -L 2222:secureserver:22 user@gateway cat -


    Enter the password when prompted (but you should really be using public key authentication, anyway). After this, in another terminal, use this to connect to the secure server.



    $ ssh -p 2222 user2@localhost


    That’s it. You can now use ssh, scp, or any other command to directly talk to the secure server through the gateway. You only need to run the first command once and keep it running in a hidden terminal.






    share|improve this answer



























      up vote
      1
      down vote













      Below is the command to setup an SSH gateway server:



      $ ssh -L 2222:secureserver:22 user@gateway cat -


      Enter the password when prompted (but you should really be using public key authentication, anyway). After this, in another terminal, use this to connect to the secure server.



      $ ssh -p 2222 user2@localhost


      That’s it. You can now use ssh, scp, or any other command to directly talk to the secure server through the gateway. You only need to run the first command once and keep it running in a hidden terminal.






      share|improve this answer

























        up vote
        1
        down vote










        up vote
        1
        down vote









        Below is the command to setup an SSH gateway server:



        $ ssh -L 2222:secureserver:22 user@gateway cat -


        Enter the password when prompted (but you should really be using public key authentication, anyway). After this, in another terminal, use this to connect to the secure server.



        $ ssh -p 2222 user2@localhost


        That’s it. You can now use ssh, scp, or any other command to directly talk to the secure server through the gateway. You only need to run the first command once and keep it running in a hidden terminal.






        share|improve this answer














        Below is the command to setup an SSH gateway server:



        $ ssh -L 2222:secureserver:22 user@gateway cat -


        Enter the password when prompted (but you should really be using public key authentication, anyway). After this, in another terminal, use this to connect to the secure server.



        $ ssh -p 2222 user2@localhost


        That’s it. You can now use ssh, scp, or any other command to directly talk to the secure server through the gateway. You only need to run the first command once and keep it running in a hidden terminal.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Nov 30 at 3:22









        Micho

        10515




        10515










        answered Mar 14 '16 at 11:33









        Elizabeth Anderson

        814




        814






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1052394%2fssh-gateway-server%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

            Mangá

            Eduardo VII do Reino Unido