SSH gateway server
Is there any way to set up an SSH gateway server? What I am trying to set up is a way to connect to a specific Linux shell on a LAN remotely from the internet without using port numbers. So, for example, logging in would look like this:
ssh server1.domain.com
or
ssh server2.domain.com
instead of
ssh domain.com:(portnumber)
and having port forwarding map (portnumber) to port 22 of the server's private IP address.
Each server would have a private IP address and share the public IP.
Thank you.
linux networking ssh port-forwarding
edited Mar 13 '16 at 21:10 by Jakuje
asked Mar 13 '16 at 21:07 by Lightning77
Possible duplicate of SSH - SSH into a host, under a router which you don't have access (can't forward the port)
– Jarmund
Mar 13 '16 at 21:49
@Lightning77 It can be achieved by an open-source tool called Ezeelogin - ezeelogin.com
– Harikrishnan
Mar 5 '17 at 13:54
In case someone arrives at this (more esoteric) question, while looking for the more common scenario described here: unix.stackexchange.com/questions/190490/…
– michael
Nov 30 at 3:55
2 Answers
This is not possible in the way you describe, because ssh does not use any concept of domains and sub-domains (the hostname is not part of the protocol, as it is for HTTP). It uses hostnames only to get the IP address, and that is what is used (and the port, of course). Your concept would only work if you had a list of public IP addresses, which you probably don't have, since you are asking this question.
This case is commonly solved using a jumpbox server, where you connect using the public IP and from there you see the local network (possibly with local DNS names). This requires using, for example:
ssh -t jumpbox ssh anotherhost.localdomain
but it can be simplified using ProxyCommand in the client configuration:
Host *.localdomain
  ProxyCommand ssh -W %h:%p jumpbox
And then the connection to the distant node is transparent. When you type
ssh anotherhost.localdomain
it will bring you to the target host over the jumpbox.
answered Mar 13 '16 at 21:19 by Jakuje
The ProxyCommand method is best, because it doesn't expose the plaintext to the jumpbox itself (as the ssh -t method would).
– grawity
Mar 13 '16 at 22:04
@grawity Thanks. That is good point. But the middle way is easier to understand for users.
– Jakuje
Mar 13 '16 at 22:20
Below is the command to set up an SSH gateway server:
$ ssh -L 2222:secureserver:22 user@gateway cat -
Enter the password when prompted (but you should really be using public key authentication, anyway). After this, in another terminal, use this to connect to the secure server.
$ ssh -p 2222 user2@localhost
That’s it. You can now use ssh, scp, or any other command to directly talk to the secure server through the gateway. You only need to run the first command once and keep it running in a hidden terminal.
edited Nov 30 at 3:22 by Micho
answered Mar 14 '16 at 11:33 by Elizabeth Anderson
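Added example, not part of either answer: a client-side ~/.ssh/config covering both approaches above, the ProxyCommand jumpbox from the first answer and the local port forward from the second. The account name alice and the alias secureserver-tunnel are assumptions; the other host and user names are taken from the question and answers.

```sshconfig
# ~/.ssh/config on the client (added example, not from the answers).
# "alice" and "secureserver-tunnel" are hypothetical names.

# The one machine reachable on the shared public address.
Host jumpbox
    HostName domain.com
    User alice
    # Default value, stated explicitly: the jumpbox gets no access
    # to the client's ssh-agent.
    ForwardAgent no

# First answer: every *.localdomain host is reached through the jumpbox.
# -W makes the jumpbox relay raw TCP to %h:%p; the SSH session, including
# host key check and authentication, is end to end between the client and
# the target, so the jumpbox only carries ciphertext.
Host *.localdomain
    ProxyCommand ssh -W %h:%p jumpbox
    # OpenSSH 7.3 and later accept this shorthand instead:
    # ProxyJump jumpbox

# Second answer: the forward started with
#   ssh -L 2222:secureserver:22 user@gateway cat -
# is reached on localhost:2222. HostKeyAlias stores and checks the
# target's host key under the name "secureserver" instead of
# "[localhost]:2222", so a different forward reusing port 2222 later
# does not collide with it in known_hosts.
Host secureserver-tunnel
    HostName localhost
    Port 2222
    User user2
    HostKeyAlias secureserver
```

With this in place, ssh anotherhost.localdomain and ssh secureserver-tunnel need no port numbers on the command line; the second only works while the forward is running.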