In this case, you can use a server which has a working SSH service as a bastion host to reach the server through an SSH tunnel.
This is standard SSH behaviour, but unfortunately it can be rather difficult to use if your client machine runs Windows.
First, you need a moderately recent version of PuTTY, which you can get here: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html. Open it and you will get a configuration dialog.
- The first screen is the “Session” section, where you can enter your bastion host name and SSH port (the SSH port is 22 by default). You can define a session other than the default one; remember to save it after you have made all the configurations, otherwise your session will be missing whatever you configured after saving!
- Then go to the Connection|Data section and enter the Auto-login username. This is convenient if you have a dedicated user for your tunnel connection, because it saves you from entering the username every time.
- Then go to the Connection|SSH section and select “Don't start a shell or command at all” in the Protocol Options. If you need it, you can also select Enable compression here when your target service streams a lot of uncompressed data, but it's totally optional and can impact performance on some services.
- Then configure the actual tunnel in Connection|SSH|Tunnel. The source port is the port that will be listening on your client's localhost interface and which must be contacted to reach the final service. The Destination is a combination of host and port as seen from the bastion host, so if the bastion host and the service host are the same and the service is an HTTP server, you can enter localhost:80 as the destination. Otherwise, enter the private IP address and destination port of the service host.
- Remember to save the session: even if you decided earlier to use only the Default Settings session, you have to go back to the Session section, select the session (or type a new name) and choose “Save”.
- Then you can open the session (either by selecting it and clicking Open or by double-clicking it). PuTTY will ask you for the password (if you used Auto-login username; otherwise it will ask you for a user first) and then drop you into a black terminal with nothing more.
- Finally, you can point your client (such as a web browser for HTTP, a database client for a database, or a game) to localhost and the port you chose as the source port.
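
The same tunnel can be opened without the dialog by using plink.exe, the command-line client that ships with PuTTY. The script below is an added example, not part of the original post; the host name, user name and ports are placeholder assumptions. It also checks that the source port is listening on the loopback interface only, so other machines on your network cannot use the tunnel.

```powershell
# Added example: command-line equivalent of the PuTTY tunnel configured above.
# All values below are placeholder assumptions, not taken from the post.
$BastionHost = 'bastion.example.com'   # bastion host name (Session section)
$BastionPort = 22                      # SSH port (Session section)
$TunnelUser  = 'tunnel'                # dedicated user (Auto-login username)
$SourcePort  = 8080                    # port listening on the client
$Destination = 'localhost:80'          # host:port as seen from the bastion

# plink options: -N = don't start a shell or command, -L = local port forward,
# -l = login name, -P = SSH port. Add '-C' to enable compression.
# Prefixing the forward with 127.0.0.1 binds the listener to loopback explicitly.
$plinkArgs = @('-ssh', '-N', '-P', "$BastionPort", '-l', $TunnelUser,
               '-L', "127.0.0.1:${SourcePort}:${Destination}", $BastionHost)

# plink opens in its own window, where it asks for the password
# (and, on first contact, for confirmation of the bastion's host key).
$plink = Start-Process -FilePath 'plink.exe' -ArgumentList $plinkArgs -PassThru

# Wait up to 60 seconds for a listener owned by this plink process.
$listener = $null
foreach ($i in 1..60) {
    $listener = Get-NetTCPConnection -LocalPort $SourcePort -State Listen `
                    -ErrorAction SilentlyContinue |
                Where-Object { $_.OwningProcess -eq $plink.Id }
    if ($listener -or $plink.HasExited) { break }
    Start-Sleep -Seconds 1
}
if (-not $listener) {
    throw "No plink listener on port $SourcePort; check the plink window."
}

# The forwarded port should be reachable from this machine only.
$exposed = $listener | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }
if ($exposed) {
    Write-Warning ("Port $SourcePort is bound to " +
                   ($exposed.LocalAddress -join ', ') + ', not just loopback.')
} else {
    Write-Host "Tunnel up: localhost:$SourcePort -> $Destination via $BastionHost"
}
```

Closing the plink window (or running `Stop-Process -Id $plink.Id`) tears the tunnel down.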
TODO: make screenshots of all Putty configurations.