Double SSH Hops example


Client --ssh only--> Jumpbox00 --ssh only--> Jumpbox01 --http only--> Internal network

Here is how to SSH to jumpbox01 and, from Client, visit websites in the internal network.

1) Ensure you have a private key that is trusted by both jumpbox00 and jumpbox01, for example jb.pem under ~/.ssh/, then load it into your SSH agent with the following command:

ssh-add ~/.ssh/jb.pem

2) Add the following two lines to ~/.ssh/config:

Host jumpbox01
ForwardAgent yes

3) For convenience, create a command or alias. For example, I created a command /usr/local/bin/double_jump

ssh -i ~/.ssh/jb.pem -A -t jchen@jumpbox00 -L 12345:localhost:12345 ssh -A -t jchen@jumpbox01 -D 12345

4) Make the above command executable

sudo chmod a+x /usr/local/bin/double_jump

Now run double_jump; it opens an SSH session to jumpbox01. Set the SOCKS proxy in your browser to localhost:12345, which allows the client to visit websites in the internal network.
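
A variant of the same two-hop setup using ProxyJump, as an added example that is not part of the original post: the client authenticates to both jump hosts itself, so no agent is forwarded to either jumpbox and the SOCKS listener exists only on the client. It assumes OpenSSH 7.3 or later on the client and that jumpbox00 permits TCP forwarding; the host names, user and key path are the ones used above.

```sshconfig
# ~/.ssh/config on Client (added example, not the author's configuration)

# First hop: only used as a TCP relay towards jumpbox01.
Host jumpbox00
    User jchen
    IdentityFile ~/.ssh/jb.pem
    IdentitiesOnly yes
    # The private key never needs to be usable from this host.
    ForwardAgent no

# Second hop: reached through jumpbox00, authenticated from Client.
Host jumpbox01
    User jchen
    IdentityFile ~/.ssh/jb.pem
    IdentitiesOnly yes
    # Tunnel the connection through jumpbox00 (OpenSSH 7.3+).
    ProxyJump jumpbox00
    ForwardAgent no
    # SOCKS proxy bound to Client's loopback only; traffic exits
    # from jumpbox01 into the internal network.
    DynamicForward localhost:12345
    # Fail at connect time if port 12345 cannot be bound, instead of
    # leaving a session open without the proxy.
    ExitOnForwardFailure yes
```

With this in place, `ssh jumpbox01` gives the same session on jumpbox01, and the browser's SOCKS proxy setting stays localhost:12345.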
