Author: R A Montante, Ph.D.
Date:  
To: dng
Subject: [DNG] SSH tunneling [ Re: Using ssh-agent in multiple logins ]
> Date: Wed, 1 Apr 2026 16:20:30 +0200
> From: Didier Kryn<kryn@???>
> Subject: Re: [DNG] Using ssh-agent in multiple logins
> I admit my config is not the most secure, particularly concerning
> the last point, but nowadays I essentially use ssh within my home LAN --
> with exceptions for git clone and git push. Nevertheless it is a simple
> starting point.
>
> I, personally, would need a more literary and detailed explanation
> to understand your inner, outer and bastion configuration.
>
> -- Didier


I used this configuration, taught it (or tried to teach it) to my
networking classes on virtual machines.  Just re-verified it on my home LAN.

Scenario: I'm on client "whiteknight".  SSH server / primary login
target is "rpi500".  Secondary servers are "whitequeen" and "rpi3".
All running Devuan except rpi3 which is running RaspiOS.

  * Server: set  "X11Forwarding yes"  in "/etc/ssh/sshd_config".

  * whiteknight client:  "~/.ssh/config"  includes sections for the
    server and the secondary targets, like this:

        Host whitequeen
         HostName whitequeen
         User bobmon
         Port 22
         Protocol 2
         ForwardX11 yes
        #
        # forward to rpi500tunnel...
         LocalForward 22001 rpi500:22
        #
        # forward to rpi3tunnel...
         LocalForward 22003 rpi3:22
        #

        Host rpi500tunnel
         HostName localhost
         User bobmon
         Port 22001
         Protocol 2
         ForwardX11 yes

        Host rpi3tunnel
         HostName localhost
         User bobmon
         Port 22003
         Protocol 2
         ForwardX11 yes


  * Usage: the client needs two (or more) sessions, one for an initial
    session that will do the forwarding, plus as many sessions
     1. Client (whiteknight) sshes into server (whitequeen).  This
        creates the "tunnel".
     2. The ssh session needs to be backgrounded, or another terminal
        shell opened, for the next step.
     3. Whiteknight may now ssh into "rpi3tunnel".  This is port 22003
        on "localhost", which is monitored by the process running the
        current ssh session.  The new session request is forwarded by
        the "whitequeen" server to the "rpi3" server (which used to be
        behind a firewall and inaccessible from my home). 
        "rpi500tunnel" works the same way.


This all works better if you do "passwordless ssh" using authentication
keys, otherwise you'll be typing passwords repeatedly.

HTH, -Bob


-- 
"'Curiouser and curiouser!' cried Alice"
     - Lewis Carroll, "Alice's Adventures in Wonderland"
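
The client configuration from the message above with three ssh_config settings added, as an added example that is not part of the original message or the author's own setup. `HostKeyAlias`, `ExitOnForwardFailure` and the explicit `127.0.0.1` bind address are the additions; host names, user and ports are the ones from the message, and `Protocol 2` is left out because current OpenSSH speaks only protocol 2.

```sshconfig
# Added example: the additions are HostKeyAlias, ExitOnForwardFailure and
# the explicit 127.0.0.1 bind address. Everything else is from the message.

Host whitequeen
    HostName whitequeen
    User bobmon
    Port 22
    ForwardX11 yes
    # ssh binds forwarded ports to loopback by default (GatewayPorts no).
    # An explicit bind address keeps them unreachable from other machines
    # on the LAN even if GatewayPorts is changed elsewhere.
    LocalForward 127.0.0.1:22001 rpi500:22
    LocalForward 127.0.0.1:22003 rpi3:22
    # End the session if either port cannot be bound (for example because
    # an older tunnel still holds it) instead of continuing without it.
    ExitOnForwardFailure yes

Host rpi500tunnel
    HostName localhost
    Port 22001
    User bobmon
    ForwardX11 yes
    # Look up and store the host key under the real target's name rather
    # than "[localhost]:22001", so the known_hosts entry names the machine
    # actually reached.
    HostKeyAlias rpi500

Host rpi3tunnel
    HostName localhost
    Port 22003
    User bobmon
    ForwardX11 yes
    HostKeyAlias rpi3

# Usage, following the three steps in the message:
#   ssh -f -N whitequeen    (steps 1 and 2: open the tunnel, then background)
#   ssh rpi3tunnel          (step 3: reaches rpi3:22 through whitequeen)
#   ssh rpi500tunnel        (same, through port 22001 to rpi500:22)
```

Without `HostKeyAlias`, the keys of rpi500 and rpi3 are recorded under `[localhost]:22001` and `[localhost]:22003`, so pointing one of those ports at a different machine later produces a host key mismatch warning that is hard to interpret.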