I've been trying this for a long time and I have not yet found a good solution. I have several servers behind a NAT that all run an SSH daemon. One of the machines is my main server, which gets the SSH port forwarded to it. What I want is basically to open a connection to the other NATed servers by going through the main server, similar to what I can achieve by opening a connection to the main server and then SSHing in to the destination. Since there are some applications that run on top of SSH, I'd like to automate this in order to run rsync or git on top of the connection itself.
Is there a reverse proxy for SSH?
You can do this using `ProxyCommand` and `netcat` in `.ssh/config`:
If you do `ssh server1`, you will open an SSH connection from your current location to your 'gateway' server, which will open a TCP connection to `server1`. This TCP connection will serve as the connection for SSH between your current location and `server1`.
Edit: This technique is commonly called 'ssh jumphost'.
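A client-side configuration of the kind the answer above describes, as an added example that is not the answerer's own config. The host names, addresses and user name are placeholders, and the `server2` and `server3` stanzas go beyond the answer to show the `ssh -W` and `ProxyJump` forms of the same relay.

```sshconfig
# ~/.ssh/config on the client machine.
# Added example: every name and address below is a placeholder.

# The main server, the only one the router forwards port 22 to.
Host gateway
    HostName gateway.example.com
    User alice

# An internal server reached through the gateway with netcat.
# HostName must be an address the gateway itself can reach.
Host server1
    HostName 192.168.1.11
    User alice
    # Runs "nc <HostName> <Port>" on the gateway; %h and %p are
    # expanded by the client. The gateway only relays bytes.
    ProxyCommand ssh gateway nc %h %p

# Same relay without netcat installed on the gateway:
# ssh -W (OpenSSH 5.4 and later) forwards stdio to host:port.
Host server2
    HostName 192.168.1.12
    User alice
    ProxyCommand ssh -W %h:%p gateway

# OpenSSH 7.3 and later: shorthand for the -W form.
Host server3
    HostName 192.168.1.13
    User alice
    ProxyJump gateway

# In all three cases the SSH session to the internal server is
# negotiated end to end by the client: its host key is checked
# against the client's known_hosts, the gateway sees only
# ciphertext, and no agent forwarding to the gateway is needed.
```

Because rsync and git invoke `ssh` and read the same file, `rsync -a dir/ server1:dir/` or `git clone server1:repo.git` use the relay without extra options.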
While this isn't the same as bouncing connections around, to reduce complexity and dependency in similar situations I have had SSHD listen on dual ports, then forwarded the secondary port from the router to the individual servers, so that 22 works internally and server A may have port 2222 forwarded from the router, server B might have 2223, server C 2224, etc.