2

I am trying to connect to a server behind a firewall.

For this connection I have to use more than one jump server. So I SSH localuser1@jump1user2@jump2user3@server. I can connect directly to the server with

ssh -J user1@jump1,user2@jump2 user3@server

I want to tunnel a connection between Sublime Text on my local computer and rmate on the destination server. I followed the instructions on data36. In the description, the user just connects to one server with

ssh -R 52698:localhost:52698 user3@server

I have not found something similar for three servers. Is there an option to do this? Maybe someone could give me an example with the ports.

I have tried

ssh  -R 52698:localhost:52698,52698:jump1:52698, 52698:jump2:52698, 52698:server:52698 -J user1@jump1,user2@jump2 user3@server

but this gives me the error:

Bad remote forwarding specification 52698:localhost:52698,52698:jump1:52698,52698:jump2:52698,52698:server:52698

The names jump1, jump2, and server stand for the respective IP addresses. So in the real ssh command, I use IP addresses and not names.

Michael
  • 8,362
  • 6
  • 61
  • 88
NotTilFour
  • 29
  • 2

2 Answers2

1

You were overthinking it. Port forwarding isn't done jump-to-jump on each connection. You establish the tunnel through all the links, and then forward your ports through the tunnel.

ssh -J user1@jump1,user2@jump2 -R 52698:localhost:52698 user3@server

Or—even better—put the config in ~/.ssh/config:

Host jump1
    Hostname 1.1.1.1
    User user1

Host jump2
    Hostname 2.2.2.2
    User user2
    ProxyJump jump1

Host server
    Hostname 3.3.3.3
    User user3
    ProxyJump jump2
    RemoteForward 52698

and then just ssh server.

Michael
  • 8,362
  • 6
  • 61
  • 88
0

The reason the command isn't working is that jump1 and jump2 don't have corresponding rmate servers listening on those particular ports and forwarding on the the next server, so the signal dies at jump1. If you have shell accounts on jump1 and jump2, you could set up rmate on each one, as well as on the final server box.

Theoretically this should work, but I don't have any way of testing it. For more help, you can also try posting on the official Sublime Text Forum to see if anyone with more experience than I can give you some suggestions.

MattDMo
  • 100,794
  • 21
  • 241
  • 231