Howto setup two-way ssh tunnel?

GROG!

May 29, 2008, 11:37:53 AM
Hi all. I know that I can initiate ssh tunneling from system A to
connect a process from local system A to the remote system B.

A$ ssh -L 999:B:999 -l user -N B

But what I need to do is have A setup a tunnel that would allow a
process on B to be able to connect to A. I need this because A is
connected through a router with a locally assigned ip as is B, but on
separate routers. I need to be able to ssh into A from B, but AFAIK
there's no way to be able to contact A from B, because all that is
known from the outside is the router's ip & I do not have access to
A's router to be able to enable port forwarding.

Hopefully I've explained this properly. Is this even possible? tx

--
EMAIL: uber [dot] grog [at] gmail [dot] com

Todd H.

May 29, 2008, 11:57:40 AM
GROG! <INVALID_EMAIL...@GROG.ORG> writes:

Check out the -R flag for reverse tunnel.


--
Todd H.
http://www.toddh.net/

GROG!

May 29, 2008, 1:18:28 PM
On 05-29 10:57 CDT, Todd H. wrote:

> GROG! <INVALID_EMAIL...@GROG.ORG> writes:
>> But what I need to do is have A setup a tunnel that would allow a
>> process on B to be able to connect to A.
>
> Check out the -R flag for reverse tunnel.

Thanks for the help. According to the man page that should work, but I
must have either the logic or the syntax wrong. I do need to bind a
port on B that'll be directed to port 22 on A for this to work,
correct? This doesn't work:

A$ ssh -R 22:B:9999 -N B
Password:
Warning: remote port forwarding failed for listen port 22

B$ ssh -p 9999 localhost
Password:
ssh: connect to host localhost port 9999: Connection refused

But if I reverse the ports, there's no errors but I just get connected
back to B:

A$ ssh -R 9999:B:22 -N B
Password:

B$ ssh -p 9999 localhost
Password:
B$

What am I doing wrong? tx

Unruh

May 29, 2008, 4:42:38 PM
GROG! <INVALID_EMAIL...@GROG.ORG> writes:


You could use openvpn to do this.


Paul Hink

May 30, 2008, 7:09:12 AM
GROG! <INVALID_EMAIL...@GROG.ORG> wrote:

> But if I reverse the ports, there's no errors but I just get
> connected back to B:
>
> A$ ssh -R 9999:B:22 -N B
> Password:
>
> B$ ssh -p 9999 localhost
> Password:
> B$
>
> What am I doing wrong? tx

The hostname between the two colons is the destination host for the
tunneled connection. You want to connect to A:22, so you need:

A$ ssh -R 9999:A:22 -N B

GROG!

May 30, 2008, 10:50:48 AM
On 05-30 06:09 CDT, Paul Hink wrote:

> GROG! <INVALID_EMAIL...@GROG.ORG> wrote:
>> What am I doing wrong? tx
>
> The hostname between the two colons is the destination host for the
> tunneled connection. You want to connect to A:22, so you need:
>
> A$ ssh -R 9999:A:22 -N B
> B$ ssh -p 9999 localhost

DOH!! Of course that works. The man page obviously wasn't clear enough
for me :). Thank you very much for your help.
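
What the three `-R` attempts in this thread ask ssh to do, as an added example that is not from any poster: a shell function, `explain_remote_forward` (a hypothetical name), splits a `[bind_address:]port:host:hostport` spec and reports which side listens and which side opens the connection to the target. It assumes a non-root login on B unless told otherwise and does not handle bracketed IPv6 addresses.

```shell
#!/bin/sh
# Added example. "client" is where ssh runs (A in the thread); "server" is the
# host logged into (B). Spec format: [bind_address:]port:host:hostport
explain_remote_forward() {
    spec=$1
    remote_user=${2:-user}        # assumption: non-root login unless stated

    # Split the spec on ':' without glob expansion.
    old_ifs=$IFS; IFS=:; set -f
    set -- $spec
    set +f; IFS=$old_ifs

    case $# in
        3) bind="loopback only (default)"; listen=$1; host=$2; hostport=$3 ;;
        4) bind=$1; listen=$2; host=$3; hostport=$4 ;;
        *) echo "error: expected [bind_address:]port:host:hostport"; return 2 ;;
    esac
    for p in "$listen" "$hostport"; do
        case $p in
            ''|*[!0-9]*) echo "error: ports must be numeric"; return 2 ;;
        esac
    done

    echo "listen: on the server, port $listen, bind address: $bind"
    echo "target: $host:$hostport, name resolved and connection opened by the client"

    # Ports below 1024 can only be bound by root on the server; port 0 asks
    # the server to pick a free port, so it is exempt.
    if [ "$listen" -gt 0 ] && [ "$listen" -lt 1024 ] && [ "$remote_user" != root ]; then
        echo "warning: listen port $listen is privileged; the server refuses it for a non-root login"
        return 1
    fi
    return 0
}

# The three specs tried in the thread, in order.
for s in 22:B:9999 9999:B:22 9999:A:22; do
    echo "== ssh -R $s -N B"
    explain_remote_forward "$s" || true
done
```

Because the client resolves the target, `localhost` in place of `A` in the last spec reaches the same sshd on A.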

phil-new...@ipal.net

May 31, 2008, 1:36:45 PM

Have they made this into a simple command like ssh that connects to something
on the other end directly the way ssh does?

--
|WARNING: Due to extreme spam, googlegroups.com is blocked. Due to ignorance |
| by the abuse department, bellsouth.net is blocked. If you post to |
| Usenet from these places, find another Usenet provider ASAP. |
| Phil Howard KA9WGN (email for humans: first name in lower case at ipal.net) |
