I'm trying to tunnel all my web traffic to a remote linux server (A) but I can't access it from my local windows machine. However there is a computer (B) which I have access to, which happens to have access to the (A) machine.

So my goal is use machine B to access machine A and tunnel all my traffic through it.

I thought maybe instead of

ssh -N -D 1080 user@machine-A

I could do something like:

ssh -N -D 1081 user@machine-B
ssh -N -D 1080 user@machine-A --use "1081"

1 Answer 1


I think you coult try it, but not exactly like that.

The -D switch you use, refers to dynamic port forwarding, which opens a socks 5 proxy on your local pc and tunnels all the trafic to the ssh pc.

So, in machine B, by issuing

B$ ssh -N -D 1080 user@machine-A 

you create a proxy on machine B on the 1080 port that tunnels all the trafic to machine A

Then, in your local machine, you need to instruct ssh to tunnel all your trafic to the specific port of machine B

An appropriate way of doing so would be to use,

ssh -R 1080:localhost:1080 user$machine-B

Then, all the trafic would go from local port 1080, to machine-B 1080 and then to machine A.

I think that this setup should do the job you are trying to accomplish.

  • Maybe I didn't explain properly but what I'm trying to do is to issue both ssh command in my local machine. This is why I wrote the title as "ssh tunnel over another ssh tunnel" so that I could open a ssh tunnel to machine B, and then use that connection to open the actual ssh tunnel to computer A.
    – Hassan
    Commented Nov 21, 2019 at 16:31
  • You will first issue the SSH command from your machine to machine B ( without thn N key). Then you will use the terminal that SSH pops ( you are logged on machine B) and you will issue the command there, the command that SSH s to machine A.The N key means that you ** don't want** a terminal, so don't use this key. The time order of the commands in my answer is reversed. First you issue the command from your machine to machine B ( the second in my answer) and the in the terminal of machine B you issue the first command.
    – Grigoris
    Commented Nov 21, 2019 at 16:45
  • Yes I understand how your solution works. But my goal was to do all that on my local windows machine. Meaning I wanted to tunnel (port forward) to machine B and tunnel to machine A but have it go through the machine B tunnel. Is it clear now?
    – Hassan
    Commented Nov 21, 2019 at 16:59
  • Yes, and this is exactly how the tunnel to tunnel works. The first, SSH - r 1080:localhost:1080 machine-B tunnels.all.yhe traffic from your machine to machine B. The second SSH -D 1080 machine-A tunnels the traffic from machine B to machine A. So your data go to machine A through machine B. The second tunnel cannot be set up from your machine, as it is between machine B and machine A. It has to be from inside machine B. In a sense, the semantics of your --use key is exactly that, to use the 1080 port ( which makes the data to 1080 as if there are in machine A) is exactly that.
    – Grigoris
    Commented Nov 21, 2019 at 20:43

Not the answer you're looking for? Browse other questions tagged .