Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: ssh tunnel with 2 hops and key
Special Forums IP Networking ssh tunnel with 2 hops and key Post 302531676 by lessmore on Friday 17th of June 2011 12:16:02 PM
Old 06-17-2011
ssh tunnel with 2 hops and key
I have situation:
- localhost L
- server A
- server B (currently accessible only from B, but it have key of my localhost - added when L have different location and can access directly to B)

problem:
how set tunnel from L to B and use key from localhost (I don't remember password to B)?

I have tried:
ssh -f -N -L localPORT:serverB:22 -2 mylogintoA@serverA
but it doesn't work for me.
 

10 More Discussions You Might Find Interesting

1. Solaris

Solaris 8 ssh public key authentication issue - Server refused our key

Hi, I've used the following way to set ssh public key authentication and it is working fine on Solaris 10, RedHat Linux and SuSE Linux servers without any problem. But I got error 'Server refused our key' on Solaris 8 system. Solaris 8 uses SSH2 too. Why? Please help. Thanks. ... (1 Reply)
Discussion started by: aixlover
1 Replies

2. IP Networking

http over ssh tunnel using multiple hops

Hello, I got an application on a linux server that I would like to access using https and a URL. I would like to create a ssh tunnel. But, let's say the app is on box C, but box C can only be accessed through box B, that can be accessed only through box A. I would like to create the ssh tunnel... (0 Replies)
Discussion started by: Pouchie1
0 Replies

3. Cybersecurity

RDP over SSH Tunnel

Hi all, I'm trying have an alternative way of connecting into a Corporate network. Mostly in case the VPN down as I cannot also change the security policy. I want to expose windows RDP over ssh tunnel. I have 3 hosts in my scenario 1- Host a : Windows 2k8 has no internet access just only an... (3 Replies)
Discussion started by: h@foorsa.biz
3 Replies

4. UNIX for Dummies Questions & Answers

SSH tunnel working for ssh but not for sshfs

I'm trying to setup a link between my home pc (work-machine) and a server at work (tar-machine) that is behind a gateway (hop-machine) and not directly accessible. my actions: work-machine$ ssh -L 1234:tar-machine:22 hop-machine work-machine$ ssh -p 1234 user@127.0.0.1 - shh access on... (1 Reply)
Discussion started by: Vathau
1 Replies

5. IP Networking

Help with SSH tunnel?

I have a Java web app on machine (X) that needs to talk to an LDAP server (Y) on :636, but the LDAP server is only accessible on a particular network. I can login to a machine (Z) on that network from X, and this machine can talk to the LDAP server on :636. How can I tunnel so that X can... (2 Replies)
Discussion started by: spacegoose
2 Replies

6. UNIX for Advanced & Expert Users

Ssh tunnel question

Hi all I have a suite of scripts that ssh to remote servers within a cluster and run some tests. This is done from a central server so that all of the test results can be captured in one location. Problem is I now have 509 tests and the number is growing. The scripts work by establishing a... (2 Replies)
Discussion started by: steadyonabix
2 Replies

7. Shell Programming and Scripting

Ssh multiple hops to execute commands with arguments

Hi I need to write a script to ssh through several hops (e.g. HostA-HostB-HostC-HostD), where Host A does not have direct assess to HostC ; HostB cannot access HostD directly. when I ssh 3 hops and run command with arg1, arg2 and redirect the output to a file, e.g. HostA> ssh -t HostB ssh -t... (3 Replies)
Discussion started by: chiensh
3 Replies

8. Proxy Server

WebSocket over SSH tunnel - is it possible?

Hello, I have a video streaming application that utilizes a WebSocket for the server <-> client communication. My goal is to make the video streaming service available over the internet in the cases where neither the server nor client have public IPs. One way to do this is over a VPN... (8 Replies)
Discussion started by: Vladislav
8 Replies

9. Solaris

Tunnel X over ssh for 11.3

Hello Solaris experts: Trying to bring the 11.3 gdm screen over ssh to a Linux Box: I did the following: 1. made chanes to /etc/ssh/sshd_config & bounced ssh daemon: # X11 tunneling options X11Forwarding yes X11DisplayOffset 10 X11UseLocalhost yes 2. From the remote Linux box: ... (6 Replies)
Discussion started by: delphys
6 Replies

10. UNIX for Advanced & Expert Users

Tunnel using SSH

I am not clear with the part of concept of Tunneling using ssh. ssh -f -N -L 1029 192.168.1.47:25 james@192.168.1.47 I found out that above code works for me . but didn't quite well understood how ti works and need to ask you guys some questions. since we are using tunnel through ssh ... (2 Replies)
Discussion started by: lobsang
2 Replies

LEARN ABOUT PLAN9

rndc.conf

RNDC.CONF(5)							       BIND9							      RNDC.CONF(5)

NAME

       rndc.conf - rndc configuration file

SYNOPSIS

       rndc.conf

DESCRIPTION

       rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to
       named.conf. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated.
       The usual comment styles are supported:

       C style: /* */

       C++ style: // to end of line

       Unix style: # to end of line

       rndc.conf is much simpler than named.conf. The file uses three statements: an options statement, a server statement and a key statement.

       The options statement contains five clauses. The default-server clause is followed by the name or address of a name server. This host will
       be used when no name server is given as an argument to rndc. The default-key clause is followed by the name of a key which is identified by
       a key statement. If no keyid is provided on the rndc command line, and no key clause is found in a matching server statement, this default
       key will be used to authenticate the server's commands and responses. The default-port clause is followed by the port to connect to on the
       remote name server. If no port option is provided on the rndc command line, and no port clause is found in a matching server statement,
       this default port will be used to connect. The default-source-address and default-source-address-v6 clauses which can be used to set the
       IPv4 and IPv6 source addresses respectively.

       After the server keyword, the server statement includes a string which is the hostname or address for a name server. The statement has
       three possible clauses: key, port and addresses. The key name must match the name of a key statement in the file. The port number specifies
       the port to connect to. If an addresses clause is supplied these addresses will be used instead of the server name. Each address can take
       an optional port. If an source-address or source-address-v6 of supplied then these will be used to specify the IPv4 and IPv6 source
       addresses respectively.

       The key statement begins with an identifying string, the name of the key. The statement has two clauses.  algorithm identifies the
       encryption algorithm for rndc to use; currently only HMAC-MD5 is supported. This is followed by a secret clause which contains the base-64
       encoding of the algorithm's encryption key. The base-64 string is enclosed in double quotes.

       There are two common ways to generate the base-64 string for the secret. The BIND 9 program rndc-confgen can be used to generate a random
       key, or the mmencode program, also known as mimencode, can be used to generate a base-64 string from known input.  mmencode does not ship
       with BIND 9 but is available on many systems. See the EXAMPLE section for sample command lines for each.

EXAMPLE

		 options {
		   default-server  localhost;
		   default-key	   samplekey;
		 };

		 server localhost {
		   key		   samplekey;
		 };

		 server testserver {
		   key	       testkey;
		   addresses   { localhost port 5353; };
		 };

		 key samplekey {
		   algorithm	   hmac-md5;
		   secret	   "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
		 };

		 key testkey {
		   algorithm   hmac-md5;
		   secret      "R3HI8P6BKw9ZwXwN3VZKuQ==";
		 };

       In the above example, rndc will by default use the server at localhost (127.0.0.1) and the key called samplekey. Commands to the localhost
       server will use the samplekey key, which must also be defined in the server's configuration file with the same name and secret. The key
       statement indicates that samplekey uses the HMAC-MD5 algorithm and its secret clause contains the base-64 encoding of the HMAC-MD5 secret
       enclosed in double quotes.

       If rndc -s testserver is used then rndc will connect to server on localhost port 5353 using the key testkey.

       To generate a random secret with rndc-confgen:

       rndc-confgen

       A complete rndc.conf file, including the randomly generated key, will be written to the standard output. Commented-out key and controls
       statements for named.conf are also printed.

       To generate a base-64 secret with mmencode:

       echo "known plaintext for a secret" | mmencode

NAME SERVER CONFIGURATION

       The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf file, using the controls
       statement in named.conf. See the sections on the controls statement in the BIND 9 Administrator Reference Manual for details.

SEE ALSO

       rndc(8), rndc-confgen(8), mmencode(1), BIND 9 Administrator Reference Manual.

AUTHOR

       Internet Systems Consortium

COPYRIGHT

       Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
       Copyright (C) 2000, 2001 Internet Software Consortium.

BIND9								   June 30, 2000						      RNDC.CONF(5)
All times are GMT -4. The time now is 09:29 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy