ssh tunnel with stunnel4 hop

Previously I showed how to connect from computerA to computerB via ssh over https.

Now I will show how to connect from computerA to computerC using ssh over https through computerB.

The purpose of this is to allow the direct use of scp or sshfs directly between computerA and computerB while computerC simply tunnels all traffic.

After establishing the stunnel4 connection between computerA and computerB with the listening stunnel4 port on computerA being 2200, from computerA:

ssh -f localhost -p 2200 -L 2222:computerC:22 -N

The -f tells ssh to go into the background just before it executes the command. This is followed by opening a stunnel4 connection locally on 2200 (which is forwarded to computerB:22). The -L 2222:computerC:22 is in the form of -L local-port:host:remote-port.  This will open port 2222 on computerA which will tunnel through stunnel4 through computerB and open a connection to computerC port 22. Finally the -N instructs OpenSSH to not execute a command on the remote system.

To recap, this essentially forwards the local port 2000 to port 22 on computerC, with nice benefit of being encrypted.  Now, from computerA you can ssh directly to computerC using local port 2222:

ssh localhost -p 2222

computerA:2222 -> computerA:2200 -> stunnel4 -> computerB:443 -> computerB:22 -> computerC:22

you can now scp files from computerC directly to computerA

scp -P 2222 user:localhost:file .

In my next post I will figure out how to create multiple chains such that port 80 web browsing from computerA originates from computerC.



