
This has been asked before but I've had no success. I'm trying to connect two Linux devices via an EC2 as a jump host:

[Box2 (Accessing REST API)] --> [EC2] --> [Box1 (Hosting REST API)]

What I've done:

On Box1 open up a reverse tunnel from port 6345 to port 7345 on the EC2:

ssh -R 7345:localhost:6345 -i e2c_cert.pem ubuntu@xx.xx.xx.xx

On Box2 forward local port 6345 to port 7345 on the EC2:

ssh -L localhost:6345:xx.xx.xx.xx:7345 -i e2c_cert.pem ubuntu@xx.xx.xx.xx

On the EC2, port 7345 has been opened.

On the EC2 I can see a response from Box1 when:

wget localhost:7345

But I get a connection refused on Box2 when trying:

wget localhost:6345

What am I doing wrong?

jsotola

1 Answer


ssh -R 7345:localhost:6345 … makes the SSH server listen on the loopback interface only, i.e. on localhost:7345 (where localhost means the machine with the SSH server). Your other tunnel, however, uses xx.xx.xx.xx:7345 as the endpoint.

There is a way to make ssh -R use xx.xx.xx.xx:7345; it would be useful if you wanted to connect to this address from the outside. You don't need to do this and it's better (security-wise) not to do this. The other tunnel ends "inside" and it can connect to localhost:7345 if only you tell it to.

On Box2 instead of ssh -L localhost:6345:xx.xx.xx.xx:7345 … run:

ssh -L localhost:6345:localhost:7345 …

Note in this case localhost:6345 gets resolved on the client side (where ssh runs), but localhost:7345 gets resolved on the server side. The two localhost strings denote different machines.