ssh tunneling
by wkuballa from LinuxQuestions.org on (#5RNYY)
I have a question regarding ssh tunneling.
I have three systems:
A Debian workstation in the office. This system has only a 10.xxx IP address, no public IP address. It can access the Internet (NAT'ed to one of the company's public IP addresses). This workstation runs a Gnome desktop accessible via a VNC connection. I am using port 5216. For security reasons, the VNC server listens only for connections from the local host.
An AWS mini-system, which I use as a jump host. Other than OpenSSH it has hardly any software packages installed. The AWS system does have a public IP address.
A home system. Actually, this can be my laptop, my tablet, even my phone. The home system has only an internal 192.168.xxx IP address, no public IP address. The home system runs a graphical user interface and can run a VNC client.
The office system runs an "autossh" job, which establishes a reverse tunnel from the AWS system, port 2216 to port 22 of the office system. With this configuration I can ssh from a home system to the AWS system, and from there to the office system. But I want to connect the VNC client on a home system to the VNC server on the office system. This does work with this command sequence issued in a terminal on a home system:
ssh -f -L 2226:localhost:2226 myself@$AWS sleep 180
ssh -f -L 5926:localhost:5926 -p 2226 myself@localhost sleep 180
vncviewer localhost:26
I find this somewhat clumsy and wonder if there is a better way to establish this VNC connection?
Regards,
Werner
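One way to collapse the two forwarding steps from the post above into a single connection, added here as an example and not part of the original post: an OpenSSH client configuration using ProxyJump (OpenSSH 7.3 or later). The aliases `aws-jump`, `office-vnc` and `office-workstation` and the placeholder address are hypothetical; ports 2216 and 5216 come from the post's description and 5926 from its commands, so substitute the values actually in use.

```sshconfig
# ~/.ssh/config on the home system (added example; aliases are hypothetical)

# The AWS jump host. Replace the placeholder with its public address.
Host aws-jump
    HostName aws-host.example.invalid
    User myself

# The office workstation, reached through the reverse tunnel that
# autossh keeps open on the jump host (port 2216 per the description).
Host office-vnc
    # "localhost" is resolved on the jump host, not on the home system,
    # because ProxyJump opens the TCP connection from there.
    HostName localhost
    Port 2216
    User myself
    ProxyJump aws-jump

    # Store the workstation's host key under its own name so it does not
    # collide with other "localhost" entries in known_hosts and a changed
    # key still triggers a warning.
    HostKeyAlias office-workstation

    # Home port 5926 (VNC display :26) -> VNC server bound to the
    # workstation's loopback interface (port 5216 per the description).
    # The listener on the home system is loopback-only by default.
    LocalForward 5926 localhost:5216

    # Fail immediately if the local port cannot be bound, rather than
    # leaving a session open with no working forward.
    ExitOnForwardFailure yes

# Usage from the home system:
#   ssh -f -N office-vnc
#   vncviewer localhost:26
```

The SSH session to the workstation is authenticated and encrypted end to end from the home system; the jump host only relays the TCP stream, and the VNC server can stay bound to the workstation's loopback interface.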