3

I have created a web service running on protected server(Centos, 123.123.123.123:8192), we can only login to the web server via SSH from a jump server (say 111.111.111.111). I can login the web server via SSH (first login to jump server, then dump to web server). Now I want to make a HTTP request to web server, How do setup the SSH tunnel to make it worker? Or if current limitation impossible, what is most secure way to open a door to make it possible?

Other limitations:

  • the web server can only access to database, other out data are disabled (no yum, no ping, e.t.,)
  • the jump server's SSH server listen on redefined port, say 32220.
  • the user name of web server (ws) and jump server (js) are different.
Improve this question

1 Answer 1

Reset to default
10 
ssh -L 8192:192.0.2.3:8192 198.51.100.7

then access http://localhost:8192/

What this does is:

-L = Listen on a local port (where the ssh client is running)

8192 = Listen on port 8192

192.0.2.3:8192 = When a connection comes in to 8192 to the ssh client, forward that across the SSH tunnel and connect out to 192.0.2.3:8192

198.51.100.7 is the normal "server you want to ssh to"

Improve this answer
2
  • not sure if the jump server is able to reach directly 123.123.123.123:8192 OP did not specified it Commented May 4, 2018 at 8:47
  • This works perfectly when you need to access webservices and ports locally Commented May 21, 2020 at 22:14

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.