alex6 Apprentice
Joined: 18 Jul 2011 Posts: 176
|
Posted: Mon May 02, 2016 7:07 pm Post subject: [SOLVED] ssh port forwarding using a ssh proxy |
|
|
Hi,
I need web access to a server that uses https and java features.
Right now, this is what I am able to do :
Connect via ssh to a "ssh proxyserver"
From there I can use ssh to connect to my server.
I've heard about ssh port forwarding, tried different combinations of -D, -L and -R options without success...
Here is what I tried : (after configuring "proxy for socks" with 127.0.0.1 in the firefox settings)
-D 1080 on the ssh proxy server then -D 1080 again, and then trying to access with firefox on 127.0.0.1:1080
-D 1080 on the ssh proxy server then ssh -R 1080:localhost:443 root@myserver
-D 1080 on the ssh proxy server then ssh -L 1080:localhost:443 root@myserver
-D 1080 on the ssh proxy server then ssh -R 1080:myserverhostFQDN:443 root@myserver
-D 1080 on the ssh proxy server then ssh -L 1080:myserverhostFQDN:443 root@myserver
In the last 4 cases, when connecting via firefox, I can see this error message in the terminal:
Code: | "channel 3: open failed: connect failed: Connection refused" |
Any ideas ?
Last edited by alex6 on Wed May 04, 2016 12:55 pm; edited 2 times in total |
|
ct85711 Veteran
Joined: 27 Sep 2005 Posts: 1791
|
Posted: Mon May 02, 2016 10:11 pm Post subject: |
|
|
Well, one common issue that hits people is that logging in as root over ssh is disabled by default |
|
alex6 Apprentice
Joined: 18 Jul 2011 Posts: 176
|
Posted: Wed May 04, 2016 8:56 am Post subject: |
|
|
ct85711 wrote: | Well, one common issue that hits people is that logging in as root over ssh is disabled by default |
Well, I actually only have user access to the ssh proxy; do you think it's a problem? |
|
nativemad Developer
Joined: 30 Aug 2004 Posts: 918 Location: Switzerland
|
Posted: Wed May 04, 2016 9:22 am Post subject: |
|
|
Well, if the proxy can reach the webhost, then there is no need to do multiple connections and setting up a socksproxy and so on...
Code: | ssh -L 443:WebserversDnsNameOrIP:443 user@sshproxy |
Now if you start your browser, you can access the site via https://127.0.0.1
HTH, cheers _________________ Power to the people! |
|
alex6 Apprentice
Joined: 18 Jul 2011 Posts: 176
|
Posted: Wed May 04, 2016 11:23 am Post subject: |
|
|
nativemad wrote: | Well, if the proxy can reach the webhost, then there is no need to do multiple connections and setting up a socksproxy and so on...
Code: | ssh -L 443:WebserversDnsNameOrIP:443 user@sshproxy |
Now if you start your browser, you can access the site via https://127.0.0.1
HTH, cheers |
Okay, so if I understand, I must run this from my client, right?
I ran
Code: | # ssh -L 443:webserver:443 myuser@ssh_proxy |
When I try to access https://127.0.0.1, I receive the following error in the terminal where I did this ssh:
Code: |
-bash-3.2$ channel 3: open failed: connect failed: No route to host |
I have this message even with firewall from both the client and webserver down.
On firefox I can see this message :
Quote: | Secure Connection Failed
The connection to 127.0.0.1 was interrupted while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem. |
Does it mean I have to import the CA cert into firefox from the portal or the webserver or both ?
To make things clear : the "webserver" doesn't provide any access from the WAN, the only access from WAN is the ssh portal.
The "webserver" can only be accessed in LAN, that's why I try to make ssh forwarding. |
|
alex6 Apprentice
Joined: 18 Jul 2011 Posts: 176
|
Posted: Wed May 04, 2016 11:26 am Post subject: |
|
|
alex6 wrote: |
when I try to access https://127.0.0.1, I receive the following error in the terminal where I did this ssh :
Code: |
-bash-3.2$ channel 3: open failed: connect failed: No route to host |
I have this message even with firewall from both the client and webserver down. |
Sorry, actually with both firewalls down, the message is a bit different:
Quote: | channel 3: open failed: connect failed: Connection refused |
|
|
alex6 Apprentice
Joined: 18 Jul 2011 Posts: 176
|
Posted: Wed May 04, 2016 12:55 pm Post subject: |
|
|
Sorry, layer 8 problem: I was actually using the wrong FQDN, as it was a VM inside a server that has a really close hostname (so FQDN) and I got confused...
Nativemad, thank you, your method actually works :) |
|
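An added example, not part of the thread or written by any of its posters: a small POSIX shell helper that shows which machine listens and which machine makes the final connection for an `ssh -L` spec, and maps the "channel N: open failed" lines quoted above to a likely cause. The function names, the diagnosis keywords and local port 8443 are assumptions made for illustration; the hostnames are the placeholders used in the posts.

```shell
#!/bin/sh
# Added example (not from the thread): explain an `ssh -L` spec and triage
# the "channel N: open failed" lines quoted in the posts above.

# explain_forward SPEC SSH_DEST
# SPEC is [bind_address:]port:host:hostport (bracketed IPv6 is not handled).
# Prints where the listener lives and which machine makes the final connect.
explain_forward() {
    spec=$1; dest=$2
    nfields=$(printf '%s\n' "$spec" | awk -F: '{ print NF }')
    case $nfields in
        3) bind=loopback; rest=$spec ;;              # ssh default: local only
        4) bind=${spec%%:*}; rest=${spec#*:} ;;
        *) echo "invalid spec: $spec" >&2; return 1 ;;
    esac
    lport=${rest%%:*}; rest=${rest#*:}
    host=${rest%:*}; hport=${rest##*:}
    # "host" is resolved and dialled by the SSH server, not by the client.
    echo "listen=$bind:$lport connect_from=${dest#*@} connect_to=$host:$hport"
}

# triage_channel_error LINE -> short diagnosis keyword (hypothetical labels)
triage_channel_error() {
    case $1 in
        *"connect failed: Connection refused"*) echo "target-port-closed" ;;
        *"connect failed: No route to host"*)   echo "target-unreachable" ;;
        *"administratively prohibited"*)        echo "forwarding-denied-by-server" ;;
        *) echo "unknown" ;;
    esac
}

# build_forward_cmd LPORT HOST HPORT SSH_DEST
# Unprivileged local port, explicit loopback bind, no remote shell (-N),
# and abort if the listener cannot be set up.
build_forward_cmd() {
    echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:$1:$2:$3 $4"
}

# Constructed sample inputs, using the placeholder hostnames from the thread.
explain_forward 443:webserver:443 myuser@ssh_proxy
explain_forward 1080:localhost:443 root@myserver
triage_channel_error "channel 3: open failed: connect failed: No route to host"
build_forward_cmd 8443 webserver 443 myuser@ssh_proxy
```

With a local port above 1023 the client-side ssh does not need to run as root, and the browser is then pointed at https://127.0.0.1:8443. Both "connect failed" diagnoses describe what the SSH server saw when it dialled the target, so the hostname in the spec has to be checked from that machine.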
|