Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Need to ssh into a server via 2 jump servers

Status
Not open for further replies.

drhenry

Programmer
May 9, 2001
30
US
Since I manage thousands of servers, I need to automate ssh tunneling.
So from terminal A, I need to tunnel into Jump server A, which then hops to Jump server B, which in turn opens a terminal window into Terminal B. Is it possible to do all this on one command line? I use VPN also - no AD.
Special note: I already know how and can do public/private key pairing, I just need the formula mentioned above.
Thanks in advance.
 
Try this...

Code:
ssh -t user@jumpA "ssh user@jumpB"

Of course you'll need pre-shared keys, but that's an easy setup.


 
Here's the other item: I want to open a third terminal for the server at the other end. So it goes like this:
A. SSH into jump server A from my terminal/PC
B. SSH into jump server B
C. SSH into the server at the end of chain, then open a terminal windows specific to the server I'm trying to reach

I'm doing this from a WinXP command prompt, but OpenSSH should be POSIX compliant, ergo it shouldn't matter what OS I use. Is there a port forwarding option that might help w/this?
Thanks.
 
Hey cool! I can figure it out from there. Too simple [bigsmile]
 
Three hops would look something like this...

Code:
ssh -t user@jumpA ssh -t user@jumpB ssh user@jumpC

The quotes aren't actually needed as they start getting confusing when you go deeper.

Of course some testing and tuning may be needed (especially for Windows), but that kind of thing works for me.


 
Is there a way to accomplish this w/putty or plink?
 
I don't know putty or plink. Someone else will have to answer that.

 
you can do this with tunneling in putty

A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
Avaya. Too little or no help? Expensive?
For FAST switch support at bargain rates, give bsh a call.

bsh

40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]
 
Dup_tunneling_IE+ssh (port forwarding) - use localhost 127.1.1.x:port to jump to
forward to ipaddress:port

Use any IP address Port 22 Bullet in SSH
--------------------------------------------------------------------------------
+ SSH -> Tunnels

check in Local ports accept connections from other hosts

127.1.1.3:22 192.11.13.13:22
127.1.1.3:23 192.11.13.13:23
127.1.1.3:80 192.11.13.13:80
127.1.1.3:443 192.11.13.13:443
127.1.1.4:22 192.11.13.14:22
127.1.1.4:23 192.11.13.14:23
127.1.1.4:80 192.11.13.14:80
127.1.1.4:443 192.11.13.14:443

Bullet in Local
Bullet in Auto


A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
Avaya. Too little or no help? Expensive?
For FAST switch support at bargain rates, give bsh a call.

bsh

40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]
 
Thanks for that - but i'm not having much luck.
I've set up my putty sessions + have a key pair set.
I've checked the local + auto on the tunneling.
I've setup port 22 and added an IP address (I use VPN - no AD).
Saved it off as a session, but when I load the session, all it does is open the original jump server. It doesn't pop open a TTY for the IP address I'm trying to reach.
 
You must first setup the tunnel
Second you must make an initial connection that sets up the tunnel

You can then open a session to the 127.1.1.x:yy that connects to the far end ip:port

A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
Avaya. Too little or no help? Expensive?
For FAST switch support at bargain rates, give bsh a call.

bsh

40 years Bell, AT&T, Lucent, Avaya
Tier 3 for 30 years and counting
[URL unfurl="true"]http://bshtele.com[/url]
 
You must first setup the tunnel
Second you must make an initial connection that sets up the tunnel

I thought I had covered that part by setup port 22 and adding an IP address to the SSH tunneling
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top