DEV Community

Connor Bode
Connor Bode

Posted on

Chaining SSH tunnels

So here's my scenario:

  • Machine A has SSH exposed to the internet
  • Machine B is on the same LAN as Machine A, but is not exposed to the internet
  • Machine A has SSH access to Machine B via the LAN

Now let's say I'm outside the network and I want to have direct access to a port on Machine B (maybe I need to rsync something using the SSH port, or maybe I want to forward a database port). For this example, we'll assume we want to forward SSH port 22.

Port forward Machine B to Machine A

First, let's make Machine B's SSH port available from Machine A

ssh machine_a # to open a shell on Machine A
ssh -L 2222:localhost:22 machine_b # to open a tunnel from Machine B to Machine A

(Leave this shell open and start a new one for the next step)

Port forward Machine A to my computer

Next, let's forward the port we opened to our local machine

ssh -L 2222:localhost:2222 machine_a

Use the port

Now you can use the SSH port to directly access Machine B:

ssh -p2222 localhost # to open a shell on Machine B

or SCP

scp -P2222 /path/to/item localhost:/remote/path

or rsync

rsync -e 'ssh -p2222' /path/to/item localhost:/remote/path

Hope this helps!

If you found this helpful, follow me here on or on Twitter @connorbode for more on Linux, coding, etc.

Top comments (0)