0

I have a Linux server (A) (with IP X.X.X.X) that accepts SSH (on port X) only from another Linux server (B) with the specific IP Y.Y.Y.Y. Obviously, if I log in to server B (from whatever IP) I can SSH to server A.

Is it possible to access server A through server B, using routing or forwarding, from any IP?

I'm expecting to open an SSH connection on a specific port on server B, and this will route the traffic to server A.

h2odev
  • Do you *need* to use routing or is an ssh-protocol specific solution also ok? – criztovyl Sep 09 '22 at 17:48
  • Actually, I need to use SFTP (SSH File Transfer Protocol) from my office/home to access the files on server A. – h2odev Sep 09 '22 at 17:50
  • @criztovyl I have to create a VPN (HOME/OFFICE => SERVER B) in this case? – h2odev Sep 09 '22 at 17:56
  • Yes, an ssh-protocol solution is also okay. – h2odev Sep 09 '22 at 17:59
  • If you can access Server B from your home/office, you do not need to create a VPN. Do you have an SFTP client in mind you intend to use? – criztovyl Sep 09 '22 at 18:01
  • Yes, I can access the server B from my office/home and intend to use Filezilla client in this case. – h2odev Sep 09 '22 at 18:03
  • The credentials you use to access the server A from B, are they stored on the server B? (If you use a password then the answer is no.) – Kamil Maciorowski Sep 09 '22 at 18:14
  • No (both servers have different passwords and are not stored) – h2odev Sep 09 '22 at 18:16
  • What OS are you on, how open are you to switching tools? IMO the best protocol/client feature to use is a jump/proxy host, [but FileZilla does not seem to support that](https://forum.filezilla-project.org/viewtopic.php?t=54317). – criztovyl Sep 09 '22 at 18:19
  • The alternative is SSH port forwarding, but you will need to use an additional program/client here to establish that port forwarding. – criztovyl Sep 09 '22 at 18:20
  • Does [this answer](https://superuser.com/a/1313935/432690) help? Note there's a useful comment below it. – Kamil Maciorowski Sep 09 '22 at 18:22
  • @criztovyl If you can suggest another SFTP client that supports SSH port forwarding, that is okay for me. – h2odev Sep 09 '22 at 18:22
  • What OS are you on? What is the SSH client you use normally? – criztovyl Sep 09 '22 at 18:23
  • The client OS is Fedora Linux. To transfer files we use Filezilla and the default ssh client (/usr/bin/ssh) in terminal for remote SSH connections. – h2odev Sep 09 '22 at 18:26
  • I have solved this using nginx upstream. What do you think, is this a good solution? – h2odev Sep 09 '22 at 18:31

2 Answers

1

I think that what you are looking for is called an SSH bastion, and you can easily configure it by creating an ssh config file inside your .ssh directory. A good description is here: https://goteleport.com/blog/ssh-bastion-host/

Something like this should do the trick (assuming that you want to connect to server A from server C, you create a config file on server C):

```
$ cat ~/.ssh/config
Host X.X.X.X
   User serverAusername
   ProxyJump Y.Y.Y.Y
```

Make sure that the /etc/ssh/sshd_config file on server B has the correct settings as per the above link.

Hope this helps :-)

0

One of the ways to solve this case is using nginx upstream in server B.

First, make sure to load the nginx stream module:

```
load_module '/usr/lib64/nginx/modules/ngx_stream_module.so';
```

And add the proxy configuration as below:

```
stream {
    upstream ssh {
        server {server-a-ip}:22;
    }

    server {
        listen {my-non-standard-port};
        proxy_pass ssh;
    }
}
```

Then you can connect to server A:

```
ssh username@{server-b-ip} -p {my-non-standard-port}
```

Of course, it is better to allow only your public IPs to access server B on port {my-non-standard-port}.

h2odev
  • As you note, this puts the ssh of server A into a similarly exposed position as B. If that is not a problem, this is a solution. An alternative to forwarding the port on this level could be to use firewalld/firewall-cmd. – criztovyl Sep 09 '22 at 20:34
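
The answer's closing remark and the comment under it both concern the exposure this proxy creates. As an added example (not part of the original answer), here is the same stream block with a source allowlist, a per-client connection limit and a log of the real client address. The allowed addresses, the zone name, the log path and the limit values are assumptions; `{server-a-ip}` and `{my-non-standard-port}` are the answer's own placeholders.

```nginx
# Added example: hardened variant of the stream proxy from the answer above.
# 203.0.113.10 and 198.51.100.0/24 are constructed documentation addresses;
# replace them with your office/home public IPs.
load_module '/usr/lib64/nginx/modules/ngx_stream_module.so';

stream {
    # Server A only ever sees server B's address as the SSH peer, so record
    # the real client address here to correlate with A's sshd log later.
    log_format ssh_proxy '$time_iso8601 client=$remote_addr '
                         'upstream=$upstream_addr status=$status '
                         'sent=$bytes_sent received=$bytes_received '
                         'duration=$session_time';

    # Shared-memory zone counting concurrent connections per client address.
    limit_conn_zone $binary_remote_addr zone=ssh_per_ip:1m;

    upstream ssh {
        server {server-a-ip}:22;
    }

    server {
        listen {my-non-standard-port};

        # Source allowlist: rules are checked in order, first match wins,
        # and any address not listed is refused before reaching server A.
        allow 203.0.113.10;
        allow 198.51.100.0/24;
        deny  all;

        limit_conn ssh_per_ip 4;          # assumed cap on parallel sessions
        proxy_connect_timeout 5s;         # fail fast if server A is down
        access_log /var/log/nginx/ssh_proxy.log ssh_proxy;  # assumed path
        proxy_pass ssh;
    }
}
```

After substituting the placeholders, `nginx -t` checks the syntax before a reload.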