I'd like to implement a (temporary, won't be a stable configuration) SSH tunnel, so I can SSH to box C from box A going through B.

A--->B--->C

I learnt that it can be done by running 2 commands on A:

ssh userB@B -L PORT:A:22
ssh userC@localhost -p PORT

The problem is that this works as long as authentication can be performed from box A; for example, box C asks for userC's password, and the password is prompted for on box A and typed. In my case, however, the way to access box C is a key that's stored on box B (so, from box B, one just types ssh userC@C and is not prompted for a password). Box A just sees the message Permission denied (publickey).

Is there a way to allow access in this case?

  • See the "alternative solution" in this answer. Commented Apr 9, 2021 at 12:08
  • Just an FYI, the name for what you're doing is an SSH multi-hop (it is a stable way to access hosts, often used to SSH into LAN devices through a router's WAN SSH server)
    – JW0914
    Commented Apr 9, 2021 at 12:26
  • Now I notice your "2 commands on A" allow you to reach userC@A. If there is no typo (did you mean -L PORT:C:22?) and A gets Permission denied (publickey) then this only means A's key is not enough to log in as userC at A. C is not involved. Commented Apr 12, 2021 at 21:33

1 Answer

Thanks to @Kamil Maciorowski, the answer they referred to helped. Both ssh -J userB@B userC@C and ssh userB@B 'ssh userC@C' work. I found the former more suited to my specific need.

  • OK, I guess. Although I'm surprised ssh -J works for you, if A (allegedly) is not authorized to access C. See my new comment under the question. Commented Apr 12, 2021 at 21:33
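The two commands from the answer, written as ~/.ssh/config entries on box A. This is an added example, not part of the original posts; the alias C-from-B and the key path are assumptions. The two variants differ in which machine authenticates to C: with ProxyJump, B only relays the connection and the ssh client on A authenticates to C, so the key kept on B is never used; with RemoteCommand, a second ssh client runs on B and uses the key stored there.

```ssh-config
# ~/.ssh/config on box A (added example; B, C, userB, userC are the names from the question)

Host B
    HostName B
    User userB

# Variant 1: same as "ssh -J userB@B userC@C".
# B forwards the TCP stream to C:22; the SSH session to C is end to end from A.
# C must therefore accept a credential that A holds.
Host C
    HostName C
    User userC
    ProxyJump B
    # Assumed path to a key on A that is authorized for userC on C
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    # No agent forwarding is needed for a jump, so keep it off
    ForwardAgent no

# Variant 2: same as "ssh userB@B 'ssh userC@C'", plus a terminal.
# The inner ssh runs on B, so the key stored on B is the one offered to C.
# Anyone who can log in as userB on B can reach C the same way.
Host C-from-B
    HostName B
    User userB
    RequestTTY yes
    RemoteCommand ssh userC@C
```

With these entries, `ssh C` takes the ProxyJump path and `ssh C-from-B` takes the nested path.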
