
#ANDROID MAKE SINGLE APP USE SSH TUNNEL PATCH#
This guide presents a step-by-step approach to solving common connectivity problems using SSH tunnels. To read some useful comments and context, skip to the end.

Step 0: If box A can already hit box B:8080, then good for you. Otherwise, follow the steps below to make that happen.

Step 1: If box A can ssh into box B, read the following section. Here we will use ssh local port forwarding to PULL the service port through the ssh connection. The ssh tunnel command (to be run from A) is:

    > ssh -vCNnTL A:8080:B:8080

This pulls the service port over to box A at port 8080, so that anyone connecting to A:8080 will transparently get their requests forwarded over to the actual server on B:8080.

Step 2: If box B can ssh into box A, read the following section. Now we will use ssh remote port forwarding to PUSH the service port through the ssh connection. The command (to be run from B) is:

    > ssh -vCNnTR localhost:8080:B:8080

Now users on A hitting localhost:8080 will be able to connect to B:8080. Users not on either A or B will still be unable to connect. To enable listening on A:8080, you have 2 options:

a) If you have sudo, add the following line to /etc/ssh/sshd_config and reload the sshd service:

    GatewayPorts clientspecified

Then rerun the above command with “localhost” replaced by “A”:

    > ssh -vCNnTR A:8080:B:8080

b) Pretend “localhost (A)” is another box, and apply step 1, since A can generally ssh into itself:

    > ssh -vCNnTL A:8080:localhost:8080

Now we come to the situation where neither A nor B can ssh into the other.

Step 3: If there are any TCP ports that allow A and B to connect, continue reading. Suppose that B is able to connect to A:4040. Then the way to allow B to ssh into A is to turn A:4040 into an ssh port. This is doable by applying Step 1 on A itself, to pull the ssh service on 22 over to listen on A:4040:

    > ssh -vCNnTL A:4040:A:22

Then you can apply Step 2, specifying port 4040 for ssh itself:

    > ssh -vCNnTR localhost:8080:B:8080 -p 4040

Similarly, if A is able to connect to B:4040, you’ll want to forward B:22 to B:4040 using Step 1, then apply Step 1 again as usual.

Step 4: Find a box C which has some sort of connectivity to both A and B, and continue reading. If A and B have essentially no connectivity, then the way to proceed is to route through another box.

Step 5: If C is able to hit B:8080, continue reading.

Step 6: If A is able to SSH to C, continue reading. This is very similar to step 1 - we will pull the connection through the SSH tunnel using LOCAL forwarding.

    > ssh -vCNnTL A:8080:B:8080

Step 7: If C is able to SSH to A, continue reading. Otherwise, skip to step 8. Again, this is analogous to step 2 - we will push the connection through the SSH tunnel using REMOTE ssh forwarding.

    > ssh -vCNnTR localhost:8080:B:8080

As before, we will need to add an additional forwarding step to listen on a public A interface rather than localhost on A:

    > ssh -vCNnTL A:8080:localhost:8080

Step 8: If neither C nor A can ssh to each other, but there are TCP ports open between the 2: Apply the technique in step 3.

Now we are in the situation where C can’t hit B:8080 directly.

Step 9: The general idea is to first connect C:8080 to B:8080 using one of Steps 1 or 2, and then do the same to connect A:8080 to C:8080. Note that it doesn’t matter which order you set up these connections.

9a) If C can ssh to B and C can ssh to A. This is a very common scenario – maybe C is your local laptop which is connected to 2 separate VPNs. First pull B:8080 to C:1337 and then push C:1337 to A:8080:

    > ssh -vCNnTL localhost:1337:B:8080
    > ssh -vCNnTR localhost:8080:localhost:1337
    > ssh
    > ssh -vCNnTL A:8080:localhost:8080

9b) If C can ssh to B and A can ssh to C: Again, a fairly common scenario if you have a “super-private” network accessible only from an already private network. Do two pulls in succession:

    > ssh -vCNnTL localhost:1337:B:8080
    > ssh -vCNnTL A:8080:localhost:1337

You can actually combine these into a single command:

    > ssh -vC -A -L A:8080:localhost:1337 ‘ssh -vCNnTL localhost:1337:B:8080

9c) If B can ssh to C and C can ssh to A: Double-push.

    > ssh -vCNnTR localhost:1337:B:8080
    > ssh -vCNnTR localhost:8080:localhost:1337
    > ssh
    > ssh -vCNnTL A:8080:localhost:8080

These can be combined into a single command.

9d) If B can ssh to C and A can ssh to C: Push from B and then pull from A.

Step 10: If box C doesn’t have any TCP connectivity to either B or A, then having box C doesn’t really help the situation at all. You’ll need to find a different box C which actually has connectivity to both and return to step 4, or find a chain (C, D, etc.) through which you could eventually patch a connection through to B.
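The effect of the GatewayPorts setting from Step 2, option a), as an added example that is not part of the original guide: it reads sshd_config text and reports where sshd would bind the two remote forwards shown in Step 2. The function names and the sample config are constructed for illustration, and the script assumes a single flat config file (Include files and Match blocks are not evaluated).

```shell
#!/bin/sh
# Added example, not from the original guide; function names are hypothetical.

# Print the global GatewayPorts value from sshd_config text on stdin.
# sshd uses the first value obtained for a keyword, keywords are
# case-insensitive, and the default is "no". Assumption: one flat file.
effective_gatewayports() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t]*=[ \t]*|[ \t]+/)   # "Key Value" or "Key=Value"
            key = tolower(f[1])
            if (key == "match") exit                 # global section ends here
            if (key == "gatewayports") { print f[2]; found = 1; exit }
        }
        END { if (!found) print "no" }
    '
}

# Where sshd binds a remote forward: $1 = GatewayPorts value,
# $2 = bind address given to -R (for example "localhost" or "A").
remote_forward_bind() {
    case "$1" in
        no)  echo loopback ;;            # forced to loopback, request ignored
        yes) echo wildcard ;;            # forced to all interfaces
        clientspecified)                 # the client chooses the address
            case "$2" in
                localhost|127.0.0.1|::1) echo loopback ;;
                ''|'*')                  echo wildcard ;;
                *)                       echo "$2" ;;
            esac ;;
        *) echo "unknown GatewayPorts value: $1" >&2; return 1 ;;
    esac
}

# Constructed sample config: the first GatewayPorts line wins.
SAMPLE='# sample sshd_config (constructed)
Port 22
gatewayports clientspecified
GatewayPorts no'

gp=$(printf '%s\n' "$SAMPLE" | effective_gatewayports)
echo "GatewayPorts=$gp"
echo "-R localhost:8080:B:8080 binds: $(remote_forward_bind "$gp" localhost)"
echo "-R A:8080:B:8080 binds: $(remote_forward_bind "$gp" A)"
```

On a real server, `sshd -T` prints the effective configuration and is the authoritative check. With `clientspecified`, any account allowed to request remote forwards can expose a forwarded port on a non-loopback interface of A, so review who has that ability before enabling it.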
