[TriLUG] sftp/ssh to boxes behind a firewall

Aaron S. Joyner aaron at joyner.ws
Wed Apr 4 10:23:04 EDT 2007


Magnus wrote:
> Aaron S. Joyner wrote:
>>  A couple entries like this
>> on your laptop may go a long way towards making your life easier:
>>
>> Host gateway
>>    HostName your.external.dns.name.example.com
>>    LocalForward 22222 an.internal.hostname:22
> 
> Note that with the netcat method, none of the ssh servers need to run on
> odd ports, nor does anything odd need to be done with the sshd_config on
> the servers.  The ssh "gateway" box (the one machine listening on port
> 22 externally) would have to have netcat (nc) installed locally.
> 
> Everything else is handled in the client config file to establish the
> proxy.

I think you may misunderstand what I'm suggesting.  I'm only suggesting
that you modify the client's local configuration, with a file in your
home directory.  Essentially this just saves you from typing command
line options.  Nothing is changed about the servers at all, no
additional requirements are imposed, no remote configuration changes are
required, no binaries need be installed other than stock OpenSSH on port
22.  No servers are listening on odd ports, just your SSH client
listening locally (on 127.0.0.1) on port 22222 for connections to be
forwarded.

Aaron S. Joyner
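
Added example, not part of the original message: a small Python check of the point made above, that a `LocalForward` like the quoted one listens only on the loopback address. It reads an OpenSSH client config and reports where each forward listens. The function name and the two "exposed" host entries are constructed for illustration, and `Match` blocks, `Include` and the `keyword=value` form are not handled.

```python
# Added example: report where each LocalForward in an ssh client config listens.
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

# Constructed sample: the first entry is the one quoted in the thread,
# the other two are made up to show the exposed cases.
SAMPLE = """\
Host gateway
    HostName your.external.dns.name.example.com
    LocalForward 22222 an.internal.hostname:22

Host exposed-bind
    LocalForward *:22223 an.internal.hostname:22

Host exposed-gatewayports
    GatewayPorts yes
    LocalForward 22224 an.internal.hostname:22
"""

def audit_local_forwards(config_text):
    """Return (host, listen, port, target, loopback_only) per LocalForward."""
    blocks = [{"host": "*", "gw": None, "fwd": []}]   # options before any Host line
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "host":
            blocks.append({"host": " ".join(words[1:]), "gw": None, "fwd": []})
        elif key == "gatewayports" and len(words) > 1 and blocks[-1]["gw"] is None:
            blocks[-1]["gw"] = words[1].lower() == "yes"   # first value wins
        elif key == "localforward" and len(words) >= 3:
            bind, sep, port = words[1].rpartition(":")
            if port.isdigit():                             # skip Unix-socket forwards
                blocks[-1]["fwd"].append((bind, bool(sep), int(port), words[2]))
    findings = []
    for block in blocks:
        exposed_default = bool(blocks[0]["gw"] or block["gw"])
        for bind, explicit, port, target in block["fwd"]:
            if explicit:      # explicit bind_address; empty or "*" means all interfaces
                listen, local = bind or "*", bind.lower() in LOOPBACK
            else:             # no bind_address: GatewayPorts decides
                listen, local = ("*", False) if exposed_default else ("loopback", True)
            findings.append((block["host"], listen, port, target, local))
    return findings

if __name__ == "__main__":
    for finding in audit_local_forwards(SAMPLE):
        print(finding)
```

Only the first entry, the one from the thread, is reported as loopback-only; a `*` bind address or `GatewayPorts yes` makes the forwarded port reachable from other machines on the laptop's network.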


