0

This has been asked before but I've had no success. I'm trying to connect two Linux devices via an EC2 as a jump host:

[Box2 (Accessing REST API)] --> [EC2] --> [Box1 (Hosting REST API)]

What I've done:

On Box1 open up a reverse tunnel from port 6345 to port 7345 on EC2:

ssh -R 7345:localhost:6345 -i e2c_cert.pem [email protected]

On Box2 forward local port 6345 to port 7345 on EC2:

ssh -L localhost:6345:xx.xx.xx.xx:7345 -i e2c_cert.pem [email protected]

On the EC2 port 7345 has been opened.

On the EC2 I can see a response from Box1 when:

wget localhost:7345

But I get a connection refused on Box2 when trying:

wget localhost:6345

What am I doing wrong?

5
  • 1
    Probably your ssh -R makes the SSH server listen on the loopback interface only. What if you change your ssh -L command to ssh -L localhost:6345:localhost:7345 …? Commented Jun 13 at 15:45
  • Thanks for the comment. I've tried both the following without success: ssh -v -R localhost:7345:localhost:6345 -i e2c_cert.pem [email protected] & ssh -v -R localhost:6345:localhost:7345 -i e2c_cert.pem [email protected]
    – leo8382
    Commented Jun 13 at 15:58
  • I did not ask you to change the ssh -R command. I asked you to change the ssh -L command and only the ssh -L command. Commented Jun 13 at 16:00
  • That works, many thanks!
    – leo8382
    Commented Jun 13 at 16:10
  • My first comment is terse and therefore not a good answer by itself. I'm going to write an educative answer in a few hours (unless somebody writes one first). Please don't post an answer in the question. Commented Jun 13 at 16:12

1 Answer

0

ssh -R 7345:localhost:6345 … makes the SSH server listen on the loopback interface only, i.e. on localhost:7345 (where localhost means the machine with the SSH server). Your other tunnel, however, uses xx.xx.xx.xx:7345 as the endpoint.

There is a way to make ssh -R use xx.xx.xx.xx:7345; it would be useful if you wanted to connect to this address from the outside. You don't need to do this and it's better (security-wise) not to do this. The other tunnel ends "inside" and it can connect to localhost:7345 if only you tell it to.

On Box2 instead of ssh -L localhost:6345:xx.xx.xx.xx:7345 … run:

ssh -L localhost:6345:localhost:7345 …

Note in this case localhost:6345 gets resolved on the client side (where ssh runs), but localhost:7345 gets resolved on the server side. The two localhost strings denote different machines.
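A small helper to make the "which localhost is which" point concrete, added here as an example that is not part of the question or the answer above. It takes an OpenSSH forwarding spec in the form `[bind_address:]port:host:hostport`, reports on which machine the listening socket lives and on which machine the destination name is resolved, and, for a `-R` forward, tells you whether the listener on the SSH server stays on the loopback interface (the default, with `GatewayPorts no`) or would need the server's `GatewayPorts` option to become reachable from outside. The semantics of the spec and of `GatewayPorts` follow ssh(1)/sshd_config(5); the script needs no network access.

```shell
#!/usr/bin/env bash
# Added example (not from the original question or answer): explain on which
# side each address of an ssh -L / -R forwarding spec is resolved, and whether
# a -R listener would be exposed beyond the server's loopback interface.
# Assumes OpenSSH semantics for [bind_address:]port:host:hostport and the
# default GatewayPorts=no on the server.

# field SPEC N : N-th colon-separated field (awk keeps an empty leading field)
field()   { printf '%s\n' "$1" | awk -F: -v n="$2" '{print $n}'; }
nfields() { printf '%s\n' "$1" | awk -F: '{print NF}'; }

# forward_sides KIND SPEC
#   KIND is L (local forward) or R (remote/reverse forward).
#   Prints two lines: where the listening socket lives, and which machine
#   resolves the destination host:hostport.
forward_sides() {
    local kind=$1 spec=$2 n bind port host hostport lside cside
    n=$(nfields "$spec")
    case $n in
        3) bind=localhost               # no bind_address: loopback only
           port=$(field "$spec" 1); host=$(field "$spec" 2); hostport=$(field "$spec" 3) ;;
        4) bind=$(field "$spec" 1)
           [ -n "$bind" ] || bind='*'   # empty bind_address means all interfaces
           port=$(field "$spec" 2); host=$(field "$spec" 3); hostport=$(field "$spec" 4) ;;
        *) echo "unrecognised forwarding spec: $spec" >&2; return 1 ;;
    esac
    case $kind in
        L) lside=client; cside=server ;;   # -L listens where ssh runs
        R) lside=server; cside=client ;;   # -R listens on the SSH server
        *) echo "kind must be L or R" >&2; return 1 ;;
    esac
    echo "listen on $lside: $bind:$port"
    echo "connect from $cside: $host:$hostport"
}

# remote_bind_scope SPEC
#   For ssh -R: is the listener on the server loopback-only (the default and
#   the recommended setting), or does it need GatewayPorts to be exposed?
remote_bind_scope() {
    local spec=$1 bind
    if [ "$(nfields "$spec")" = 3 ]; then
        echo loopback
        return 0
    fi
    bind=$(field "$spec" 1)
    case $bind in
        ""|"*")              echo "all-interfaces (needs GatewayPorts yes)" ;;
        localhost|127.0.0.1) echo loopback ;;
        *)                   echo "$bind (needs GatewayPorts yes or clientspecified)" ;;
    esac
}

# Walk through the three commands from the question (xx.xx.xx.xx is the
# placeholder address used there).
echo "== Box1: ssh -R 7345:localhost:6345 ec2 =="
forward_sides R 7345:localhost:6345
echo "scope of the listener on EC2: $(remote_bind_scope 7345:localhost:6345)"
echo "== Box2, original: ssh -L localhost:6345:xx.xx.xx.xx:7345 ec2 =="
forward_sides L localhost:6345:xx.xx.xx.xx:7345
echo "== Box2, fixed: ssh -L localhost:6345:localhost:7345 ec2 =="
forward_sides L localhost:6345:localhost:7345
```

Run it and the mismatch in the question becomes visible: the `-R` listener lives on the server at `localhost:7345`, while the original `-L` asks the server to connect to `xx.xx.xx.xx:7345`, an address that listener was never bound to; the fixed `-L` targets `localhost:7345` as resolved on the server. To confirm on the EC2 host itself, `ss -ltn` (or `netstat -ltn`) shows whether port 7345 is bound to `127.0.0.1` or to `0.0.0.0`; the loopback binding is what you want unless you deliberately set `GatewayPorts`.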
