Three server A,B & C. How to ssh connect from A to C via intermediate server B, if A to B & C to B are password less(key)? I encountered this in an interview. Anyone knows how?
Asked
Active
Viewed 4,432 times
2
Jakuje
- 20,974
- 7
- 51
- 70
user2700022
- 123
- 1
- 4
-
Anyway, how do you want to connect to C, when you don't have the authentication there from B nor from A? There is probably some of the context missing, because at this time it does not make much sense, unless they wanted to hear from you about the remote port forwarding. – Jakuje Jun 15 '16 at 19:27
3 Answers
1
You are in server A:
ssh user@serverB ssh user@serverC
Or you can use proxy command (see here for more info Proxies and Jump Hosts) as follows:
Create a config file under ~/.ssh in server A with following data:
Host serverC
HostName serverC
User user
ProxyCommand ssh -l user serverB -W %h:%p
Then you can just user ssh serverC to reach it from serverA via serverB.
Vombat
- 12,654
- 13
- 44
- 58
-
This article is very outdated. You should use `ProxyCommand` with the `ssh -W` switch, rather than the `nc`. – Jakuje Jun 15 '16 at 18:39
-
-
@coffeMug I understood the first method, can you please elaborate on using with proxy? if possible with eg? – user2700022 Jun 15 '16 at 18:51
-
@coffeMug I tried out your 1st solution, it will work only if B->C also is password less isn't ? here in my case A->B & C->B are password less. but not B-> C. – user2700022 Jun 15 '16 at 19:02
-
1
@coffeMug I tried out your 1st solution, it will work only if B->C also is password less isn't ? here in my case A->B & C->B are password less.
but not B-> C.
Maybe, and only maybe C have a config allowing A, but does not communicate directly to A, requiring the middle server B only for the network communication. If that is true. iptables on server B using the table nat can do something for you.
Sorry i tried to help... so give it a try, is the only possibility, because in all others it will ask you for a password, because B->C no-password is required to this get working using ssh only.
Luciano Andress Martini
- 6,490
- 4
- 26
- 56
1
The original question does not make much sense. But I can guess they wanted to ask about the servers A and C in private networks (so they do not "see" each other) and B visible to both of them. In this case, the answer is Remote Port Forwarding. With example:
Create a tunnel B->C from C:
C$ ssh -R 2222:localhost:22 B
and then connecting from A to C like this:
A$ ssh A ssh -p 2222 localhost
Or in more elegant way with ssh_config. You will have to certainly write the password to connect to the server C (localhost:2222 from B), if there is not set up pubkey authentication, but that should not be a problem.
Jakuje
- 20,974
- 7
- 51
- 70