SSH

Make SSH tunnels

ssh -L <client-port>:<internal-host-ip>:<host-port> host

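Tunnels are useful for connecting to remote services such as:

  • Databases not exposed to the internet:
    • MongoDB: ssh -L 0.0.0.0:27017:127.0.0.1:27017 databasehost (binding to 0.0.0.0 makes the forwarded port reachable from other machines on the client's network; bind to 127.0.0.1 instead if only the client itself needs access)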

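Open the client's SSH server to an outside host (somehost). Port 0 lets somehost pick a free listening port, which ssh reports when it connects: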

ssh somehost -R 0:localhost:22
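
The two forwards above differ in where the listening socket ends up. This shell script is an added example, not part of the original page: it classifies the requested listen address of a `[bind_address:]port:host:hostport` spec and flags the ones that listen on all interfaces. The function names `classify_forward` and `audit_cmdline` are made up for this example, and the sample commands are the ones from this page.

```shell
#!/bin/sh
# Added example: where will an OpenSSH forward listen?
# Spec syntax is [bind_address:]port:host:hostport (ssh -L / -R).

classify_forward() {
    spec=$1
    case $spec in
        */*) echo socket; return 0 ;;      # Unix-socket forward, no TCP listener
    esac
    # Collapse bracketed IPv6 literals so ':' only separates fields, then count.
    flat=$(printf '%s\n' "$spec" | sed 's/\[[^]]*]/v6/g')
    colons=$(printf '%s' "$flat" | tr -cd ':' | wc -c)
    case $(($colons + 0)) in
        2) echo default; return 0 ;;       # no bind address: loopback unless GatewayPorts is on
        3) ;;                              # explicit bind address, inspected below
        *) echo unparsed; return 0 ;;
    esac
    case $spec in
        \[*) bind=${spec#\[}; bind=${bind%%\]*} ;;
        *)   bind=${spec%%:*} ;;
    esac
    case $bind in
        ''|'*'|0.0.0.0|::) echo wildcard ;;    # empty and '*' also mean all interfaces
        localhost|127.*|::1) echo loopback ;;
        *) echo specific ;;
    esac
}

# Print each "-L spec" / "-R spec" in a command line that listens on all interfaces.
# Only the space-separated form shown on this page is recognised.
audit_cmdline() {
    prev=
    set -f                                 # keep a literal '*' from globbing
    for word in $1; do
        case $prev in
            -L|-R) if [ "$(classify_forward "$word")" = wildcard ]; then
                       echo "$prev $word"
                   fi ;;
        esac
        prev=$word
    done
    set +f
}

# Constructed sample input: the two commands from this page.
audit_cmdline 'ssh -L 0.0.0.0:27017:127.0.0.1:27017 databasehost'
audit_cmdline 'ssh somehost -R 0:localhost:22'
```

For -R the result is the address the client requests; the server only honours a remote bind address when its GatewayPorts option is enabled.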

SSH Proxy Command

If you want to reach a non-exposed host through one that is exposed, you can use SSH's ProxyCommand.

+--------+       +----------+      +-----------------+
| Laptop | <---> | home NAS | <--> | my-private-host |
+--------+       +----------+      +-----------------+

OR

+--------+       +----------+      +-----------------+
| Laptop | <---> | Firewall | <--> | my-private-host |
+--------+       +----------+      +-----------------+
192.168.1.5      121.1.2.3         10.10.29.68

Just add these lines to your .ssh/config:

# -W %h:%p forwards stdin/stdout to the target host and port through the exposed host
Host *.my-private-host
    User root
    ProxyCommand ssh root@my-exposed-host -W %h:%p

NOTE: The proxy host must be able to resolve the host name passed to it (in this case *.my-private-host, which could be tv.myhome). You can add the host and IP definition to the /etc/hosts file on the proxy host.
