[kwlug-disc] Using SSH to authenticate
Richard Weait
richard at weait.com
Sat Mar 13 16:14:23 EST 2010
On Sat, Mar 13, 2010 at 2:49 PM, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:
>
> I don't have the vocabulary to explain this question clearly, so
> please bear with me (and tell me what vocabulary I should be using).
>
> Say I have three hosts:
> - HomeHost, which is my main machine. I have root on this machine if
> I need it.
> - RelayHost, which has a slow, laggy connection. I have a regular
> user account on this.
> - TargetHost, which is the machine where I want to work. I have a
> regular user account on this machine.
>
> My end goal is to make a connection from HomeHost -> TargetHost.
> However, I only have permission (via SSH whitelisting or whatever) to
> make a connection from RelayHost -> TargetHost.
>
> One possibility is to make an SSH connection from HomeHost ->
> RelayHost, and then SSH from RelayHost -> TargetHost . But since
> RelayHost is slow and laggy, my experience will be frustrating.
>
> Is there some SSH (or other) magic that I can use to make a direct
> connection from HomeHost -> TargetHost without the packets needing to
> go through RelayHost?
>
> I have a feeling this topic was covered during one of those bits of
> Raul's presentation I did not understand very well, but I am not sure.
The quick and dirty is to
ssh pauln at RelayHost, then from there,
ssh pauln at TargetHost
The "right answer" sounds like a job for "-L" to me. IIRC,
>From HomeHost
ssh -L 22:TargetHost:22 pauln at RelayHost
-L 22:TargetHost:22 is resolved after the connection to RelayHost, and
refers to incoming local port number: and :destination port number.
You will need root on RelayHost to use privileged local port?
This needs better examples than the following.
http://www.ssh.com/support/documentation/online/ssh/winhelp/32/Local_And_Remote_Forwarding.html
And please note the IIRC.
More information about the kwlug-disc
mailing list