On Fri, Jun 17, 2016 at 7:04 PM, Greg Rundlett (freephile) <[email protected]> wrote:
> Yes, the -L xxxx:host:xxxx form is the command-line option syntax. I put
> the configuration in my .ssh/config file so that I don't have to type out
> the options.

I've been doing exactly this sort of port forwarding to access Docker containers within a cloud VM, in ~/.ssh/config, as you describe. Allows tunneling different ports to different ultimate targets through a single tunnel too. Use -N -f to put tunnel in background w/o interactive shell on Bastion; I don't do that in the Config tho since sometimes I want a shell.

There's a second option: *ssh and netcat as a proxy*, which I use when I may want a shell on the inner box instead of on the outer (meaning leaving off -N -f options) -- again in ~/.ssh/config:

    Host inner-container-tunnel
        User me
        # nc needs a destination port; %p is the port ssh is connecting to (22 unless overridden)
        ProxyCommand ssh -q bastion_or_host nc -q0 172.1.2.3 %p
        LocalForward localhost:5432 pg_container:5432

where 172.1.2.3 is the inner container address ... iirc, can be a local host name if bastion has DNS for the containers, inner hosts etc ...

Even if not doing any shells, this keeps together any connections eventually-fanning-out to other servers for two hops.

See also ...
http://undeadly.org/cgi?action=article&sid=20070925181947
http://sshmenu.sourceforge.net/articles/transparent-mulithop.html

--
Bill Ricker
[email protected]
https://www.linkedin.com/in/n1vux
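
The same two-hop setup without needing netcat on the bastion, as an added example that is not part of the original message. It reuses the host names and addresses from the message above; the `inner-container-jump` alias and the `ExitOnForwardFailure` setting are additions made for illustration.

```sshconfig
# Added example, not from the original post. Names and addresses are the
# ones used in the message above; inner-container-jump is a hypothetical alias.

Host bastion_or_host
    User me

# Variant 1: ssh's built-in -W (OpenSSH 5.4+) opens the stdio tunnel to the
# inner host itself, so the bastion needs no nc binary.
Host inner-container-tunnel
    HostName 172.1.2.3
    User me
    ProxyCommand ssh -q -W %h:%p bastion_or_host
    # Bind the forward to loopback only, so other machines on the local
    # network cannot reach the database through this workstation.
    LocalForward localhost:5432 pg_container:5432
    # Abort instead of leaving a session open whose forward failed to bind
    # (for example because local port 5432 is already in use).
    ExitOnForwardFailure yes

# Variant 2: ProxyJump (OpenSSH 7.3+) is the shorthand for the same hop.
Host inner-container-jump
    HostName 172.1.2.3
    User me
    ProxyJump bastion_or_host
    LocalForward localhost:5432 pg_container:5432
    ExitOnForwardFailure yes
```

In both variants pg_container is resolved by the inner host, not by the workstation or the bastion, because the forward is opened from the far end of the final SSH session.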
