Securely tunnel port through intermediate host

Using SSH's native ability to forward ports. From sittinghere execute:

 ssh -v -N -L 5900:overthere:5900 user@hopper

Point your VNC client to localhost:5900 and the traffic will be tunneled to overthere:5900 through the SSH connection established on hopper

I ended up using some SSH ~/.ssh/config hacks to make this happen:

Host hopper
    User naftuli
    ForwardAgent yes

Host overthere
    User naftuli
    ForwardAgent yes
    ProxyCommand ssh -q hopper nc overthere 22

What this does is that when I attempt to connect to ssh overthere from sittinghere, it connects to hopper and then proxies the SSH connection to port 22 on overthere (ie: SSH on overthere).

This has some awesome side-effects:

ssh -L 5900:localhost:5900 overthere "x11vnc -display :0 -localhost"

Everything works awesome and as far as I can tell, 5900 isn't opened on hopper, only forwarded directly from overthere to sittinghere.

Securely tunnel port through intermediate host

Tags:

Ssh

Port Forwarding

Related

Recent Posts