Last Updated: December 07, 2016
· Lars Van Casteren

ssh into a secured host through a jump server and forward ports

Secured zones (or VLANs) are often only accessible from a hardened jump server: you ssh into the jump server and from there ssh to the target server. Easy. But sometimes you need to access a port on the target server with some debug tools on your localhost. Headache time... Unless you copy-paste this one-liner! Keys must obviously be present on jump & target!

ssh -v -t -L 10443:localhost:20443 <jump_server> ssh -t -L 20443:localhost:443 user@<target_server>

Access localhost:10443 on your local machine and badabing! You're actually accessing target_server:443, and thanks to the -v parameter you can see the packets passing through the tunnel! You can chain many hops this way. Top it off with a quick edit of the /etc/hosts file on your local machine if the target server application does redirects and you're all set!

# sudo does not apply to the shell's >> redirection, so append through tee instead
echo "127.0.0.1 target_server" | sudo tee -a /etc/hosts
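
An added example, not part of the original tip: the same forward written as an ~/.ssh/config entry using OpenSSH's ProxyJump (7.3 or later). Authentication to the target then happens from your local machine, so the private key stays there and no intermediate listener on port 20443 is opened on the jump server. The aliases jump and target-tunnel are assumptions; <jump_server>, <target_server> and user are the placeholders from the one-liner.

```sshconfig
# ~/.ssh/config on the local machine (added example; the aliases are assumptions)

# Hypothetical alias for the hardened jump server.
Host jump
    HostName <jump_server>
    # The jump server only relays the TCP stream, so it never needs your agent.
    ForwardAgent no

# Hypothetical alias for the target; replace the placeholders with real values.
Host target-tunnel
    HostName <target_server>
    User user
    # Reach the target through the jump server instead of nesting ssh commands.
    ProxyJump jump
    # Local port 10443 -> port 443 as seen from the target server itself.
    LocalForward 10443 localhost:443
    # Exit with an error if the local port cannot be bound, rather than
    # opening a session with no tunnel behind it.
    ExitOnForwardFailure yes
```

Start it with `ssh -N target-tunnel` and point your debug tools at localhost:10443; adding `-v` shows the forwarded connections just as in the one-liner.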