linux ssh tunnel

Tunnel SSH: access a server blocked by firewall through another server


I have 1 pc and 2 servers.

Each device has a user associated with it:

There is a firewall blocking everything from "pc" to "server2".

The goal is to access "server2" from "pc" through an SSH tunnel to "server1".

How can I do it?


Solution

  • If using OpenSSH:

    TRIVIAL WAY

    PC> ssh server1_user@server1
    server1> ssh server2_user@server2
    

    PROXY WAY

    Get a netcat on server1. If you can't install one, you can try to statically compile one (check busybox) or download one (find server1's OS version and check its repos). If you have python/perl, there are "script implementations" of the command.

    On your ~/.ssh/config file add:

    Host server1
      HostName 10.0.0.146
      User server1_user
    
    Host server2
      ProxyCommand ssh -C -q server1 /<server1_path_to>/nc 192.168.0.3 22 
      User server2_user
    

    ssh server2 will prompt for both passwords, if you're not using key authentication.

    Since OpenSSH 5.4, netcat is not required for proxying:

    Host server2
      # %h expands to HostName, so the address server1 connects to must be set here
      HostName 192.168.0.3
      ProxyCommand ssh -W %h:%p server1
      User server2_user
    

    TUNNEL WAY

    PC TTY1> ssh -L 2222:192.168.0.3:22 server1_user@server1
    PC TTY2> ssh server2_user@localhost -p 2222
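
The answer notes that netcat is only needed before OpenSSH 5.4. As an added example (not part of the original answer), the script below picks the proxy line that matches a client's ssh -V banner and prints the full server2 stanza. It goes beyond the answer by also emitting ProxyJump for OpenSSH 7.3 and later; the function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the answer): choose the jump-host directive for
# server2 from the local client version. server1/server2, the users and
# 192.168.0.3 come from the answer; ProxyJump (OpenSSH 7.3+) is an addition.

NC_PLACEHOLDER='/<server1_path_to>/nc'   # placeholder path, as in the answer

# "OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2" -> "8.9"; prints nothing if unparsable
ssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p'
}

# version_ge A B: succeeds when major.minor A >= B (numeric, so 7.10 > 7.3)
version_ge() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -gt "$b_major" ] ||
        { [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]; }
}

# proxy_line VERSION [NC_PATH]: the one line that differs between clients
proxy_line() {
    if version_ge "$1" 7.3; then
        echo "ProxyJump server1"
    elif version_ge "$1" 5.4; then
        echo "ProxyCommand ssh -W %h:%p server1"
    else
        echo "ProxyCommand ssh -C -q server1 ${2:-$NC_PLACEHOLDER} %h %p"
    fi
}

# server2_stanza BANNER [NC_PATH]: full ~/.ssh/config block for server2
server2_stanza() {
    v=$(ssh_version "$1")
    [ -n "$v" ] || { echo "unrecognised banner: $1" >&2; return 1; }
    printf 'Host server2\n  HostName 192.168.0.3\n  User server2_user\n  %s\n' \
        "$(proxy_line "$v" "${2:-}")"
}

# Constructed sample banners; on a real host pass "$(ssh -V 2>&1)" instead.
for banner in "OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013" \
              "OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013" \
              "OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022"; do
    server2_stanza "$banner"
    echo
done
```

With ProxyCommand -W or ProxyJump, server1 only relays the TCP stream, so server2's host key is verified on the PC and the server2 credentials are never typed into a shell on server1, unlike the "trivial way".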