I need a reverse proxy solution for SSH

Peter Van Hove peter.van.hove at traikan.org
Wed Jan 26 23:40:50 UTC 2011


Hello,

On 26/01/2011 12:16, Mike McGinn wrote:
> On Tuesday, January 25, 2011 23:41:04 Bond wrote:
>> Hi, here is a situation: I have a server in a corporate data center for
>> a project. I have SSH access to this machine at port 22. There are
>> some virtual machines running on this server and then at the back of
>> everything many other operating systems are working. Now, since I am
>> behind the data center's firewall, my supervisor asked me if I can do
>> something by which I can give many people on the Internet access to these
>> virtual machines directly. I know if I were allowed to get traffic on
>> a port other than 22 then I could do port forwarding. But since I am not
>> allowed this, what can be a solution in this case? The people who
>> would like to connect might be complete idiots, who may be happy just
>> by opening PuTTY at their machines or maybe even FileZilla. I have
>> configured an Apache Reverse Proxy for redirecting the Internet
>> traffic to the virtual machines on these hosts. But I am not clear as
>> to what I can do for SSH. So is there something equivalent to an Apache
>> Reverse Proxy which can do similar work for SSH in this situation?
>>
>> I do not have the firewall in my hands or any port other than 22 open, and
>> in fact even if I request it they won't allow it to be opened. 2 times SSH is not
>> something that my supervisor wants.
> Talk to the folks who run the data center. My company has a bunch of servers
> in a data center behind a firewall. We use a VPN to get through the firewall.
> The keys are easily revoked.
>
Why would port-forwarding not work?
Looking at what you write about the setup, you have access with SSH to
the host operating system.
The guest systems run on top of this host. So I assume the guests and host
can talk directly with each other using TCP/IP?

If doing port forwarding, one could just say:

ssh -L 2200:vserver1.myinternal.lan:22  vsx.mycompany.com
(Connection 1)
Then:
ssh -p 2200 localhost
(this will connect to vserver1.myinternal.lan on port 22)

Another solution is to use dynamic forwarding:

ssh -D1080 vsx.mycompany.com
You now have a SOCKS5 proxy server running on localhost.

Any connection to this proxy server will be forwarded to the
vsx.mycompany.com server.
Now you can start PuTTY and choose the proxy settings tab, where you can
define the SOCKS proxy server.

Kind regards,
Peter Van Hove
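
Added example, not part of the original message: the two forwards described above written as an OpenSSH client configuration, with both listeners bound to loopback explicitly and a HostKeyAlias so the guest's host key is not stored under localhost. The aliases "vsx" and "vserver1" are assumptions; the host names and ports are the ones used in the message.

```sshconfig
# ~/.ssh/config  (added example; the Host aliases are assumed names)

# Session to the virtualisation host that carries the forwards.
Host vsx
    HostName vsx.mycompany.com
    # Same as: ssh -L 2200:vserver1.myinternal.lan:22 vsx.mycompany.com
    # The explicit 127.0.0.1 keeps the listener off other interfaces,
    # so nobody else on the client's network can use the forward.
    LocalForward 127.0.0.1:2200 vserver1.myinternal.lan:22
    # Same as: ssh -D1080 vsx.mycompany.com (SOCKS proxy on loopback).
    DynamicForward 127.0.0.1:1080
    # Abort instead of continuing if a listener cannot be bound;
    # otherwise a later "ssh -p 2200 localhost" could reach whatever
    # other process already holds port 2200.
    ExitOnForwardFailure yes

# The guest, reached through the forwarded port while "ssh vsx" is open.
Host vserver1
    HostName 127.0.0.1
    Port 2200
    # Store and verify the guest's host key under its real name rather
    # than "[127.0.0.1]:2200". Without this, forwarding a different
    # guest to the same local port later triggers a host key mismatch
    # warning that is indistinguishable from a real key change.
    HostKeyAlias vserver1.myinternal.lan
```

With this in place, "ssh vsx" opens the tunnel session and "ssh vserver1" in a second terminal connects to the guest through it.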






More information about the ubuntu-users mailing list