Linux ssh forwarding / tunneling / duble ssh using the console
Double ssh (ssh on one machine, then on another) is a viable option for using a workstation from over the internet. Administrators prefer this method because it allows them to expose a single machine to access from the internet (and manage the security on this machine only). For the user, double ssh, also called, ssh tunneling or ssh forwarding means that, instead of connection to the machine they want to work on (located in the local network of the corporation), they have to ssh to the corporation network gateway, then ss again on their workstation.
The network configuration is this :
In Windows, programs like WinScp allow users to easily SSH on the workstation from a GUI. In Linux, using console command line is required, and the commands are not as easy as others. I will offer an example based on my configuration, all you have to do is adjust the hostnames for your own case.
The commands you have to enter are these:
1. Announce the local ssh and the gateway that you want ssh connections on a local port to be forwarded to the gateway and marked as “tunnel for workstation”:
ssh -l picobit -L 7777:workstation.colab.grid.pub.ro:22 fep.grid.pub.ro cat –
You will be required to enter your account password for the gateway (in my case, the password for the picobit username)
This command will not end. You have to end it manually after finishing your ssh session that you will open in step 2.
2. In a new terminal (the old one is blocked with the command from step 1):
ssh -p 7777 picobit@localhost
You will be required to enter the password for the workstation account.
If you get an error on step 2, you might want to add the -v parameter on the command from step 1, to enable verbose mode, it will help you debug the problem more efficiently.