# I need some help with SSH Tunnels.

4 messages · Page 1 of 1 (latest)

coral wyvern

Is it possible to set up SSH tunnels once inside a server so they don't need to be specified when connecting?

VPS1 will be used to host the tunnels to different VPSs (for now only VPS2).
VPS2 will be sort of hidden behind the tunnel, so that running commands like ping, curl, etc. will show details from VPS1 instead of VPS2.

I used the following command, as I thought this would fulfil my desire (used it on VPS2):

```
autossh -M 0 -f -N -L 2222:localhost:22 -p 2222 -o PubkeyAuthentication=no [email protected]
```

Additionally, I tried manually specifying the IP of VPS1:

```
autossh -M 0 -f -N -L 2222:111.111.11.111:22 -p 2222 -o PubkeyAuthentication=no [email protected]
```

Now, whenever I try to connect to 111.111.11.111[:]2222, it connects me to the SSH of 111.111.11.111 and asks me for the password for 111.111.11.111; however, it should forward it to 222.222.22.222, ask for the password from server 222.222.22.222, etc.

Does anyone have a clue as to how I can achieve this? And maybe someone also knows a tool (like a self-hosted web server dashboard) which allows me to manage this stuff with ease.

runic plinth

To me this sounds like you want to do a DNAT, not SSH tunneling.
DNAT is basically "forwarding packets in the firewall". VPS1 adds a firewall rule, saying "any packet from [IP any] on [port 2222] DNAT/forward to [IP of VPS2] on port [port of VPS2]" (simplified). That way a user would say "ssh user@vps1", VPS1 would forward all packets to VPS2, and in reality the user logs in to VPS2. How to implement this in detail depends on the firewall system you use (nftables, iptables, firewalld, ufw, ...). But DNAT should do the trick for you.
From the gist of your plan I think you want to build something like a DMZ. A DMZ is a "Demilitarised Zone", which is basically a private network which is partially accessible by the outside or "untrusted" people. Maybe googling in that direction might help you with searching for helpful tools or information as well.

coral wyvern

> runic plinth: To me this sounds like you want to do a DNAT, not SSH tunneling. DNAT is basical...

I hadn't noticed your reply; next time it would be nice if you could mention me. I can look into DNAT later, but for now I wrote a little shell script for the SSH tunneling which, however, still has some errors. Maybe you can help me there.

https://paste.fo/4e2e50021e65

coral wyvern

@runic plinth I also looked into DNAT now and ran the following command on VPS1 (which is the one shown to users and not the one I want to hide):

```
iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 321.321.321.321:5555
```

I of course opened port 2222 on 123.123.123.123 and 5555 on 321.321.321.321, but the issue is that the connection always seems to time out.
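Added example (not from this thread and not the poster's script): the complete iptables rule set a DNAT "front door" on VPS1 needs, covering both the DNAT description in the earlier reply and the single PREROUTING rule in this post. Besides the PREROUTING DNAT it enables IPv4 forwarding, accepts the forwarded traffic in FORWARD, and masquerades in POSTROUTING so that replies from VPS2 travel back through VPS1; the interface name `eth0` and the 198.51.100.0/24 addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread. A PREROUTING DNAT alone only
# rewrites the destination address; the kernel must also be allowed to
# forward the packet (ip_forward sysctl + FORWARD chain, whose policy is
# often DROP on hardened hosts), and the reply has to come back via VPS1
# (POSTROUTING MASQUERADE), otherwise the client never gets a SYN-ACK and
# the connection times out. Addresses/interface are constructed placeholders.
set -eu

# dnat_rules PUBLIC_IFACE PUBLIC_PORT TARGET_IP TARGET_PORT
# Prints the commands, one per line, so they can be reviewed before use.
dnat_rules() {
    iface=$1; pport=$2; tip=$3; tport=$4
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $iface -p tcp --dport $pport -j DNAT --to-destination $tip:$tport
iptables -A FORWARD -p tcp -d $tip --dport $tport -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -d $tip --dport $tport -j MASQUERADE
EOF
}

# dnat_setup MODE PUBLIC_IFACE PUBLIC_PORT TARGET_IP TARGET_PORT
# MODE "print" only shows the rules; MODE "apply" executes them (needs root).
dnat_setup() {
    mode=$1; shift
    if [ "$mode" = "apply" ]; then
        dnat_rules "$@" | sh -e
    else
        dnat_rules "$@"
    fi
}

# Expose VPS2's sshd (placeholder 198.51.100.2:5555) as port 2222 on VPS1's eth0.
dnat_setup print eth0 2222 198.51.100.2 5555
```

With MASQUERADE in place, VPS2's auth logs record VPS1 as the source of every SSH session, so the real client address is only visible on VPS1.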