0

Not sure how to phrase this exactly. I have a school web server which I have to access to sshing to one server, and then from there ssh to another. Is there anyway I can set something up to bypass the first server, so I can access the 2nd server directly?

Perhaps I should mention that I'm working from my home windows machine. I've mentioned sshing, but like the title says, I want to FTP my files using something like FileZilla, not some command-line interface (PuTTy).

Danny Beckett
  • 1,419
mpen
  • 12,441

5 Answers5

3

You might want to check out OpenSSH's ProxyCommand, which allows you to specify an arbitrary command to establish a tunnel. In this case, you'd use an ssh connection to the first server, running something like netcat to connect to the second server. This is especially handy if you use public key authentification to connect to the first server, otherwise, you need to enter two passwords.

The relevant .ssh/config-snippet looks like this:

Host hidden-server
HostKeyAlias hidden-server
ProxyCommand ssh first-server nc -w1 hidden-server 22
mmarx
  • 76
2

After @mpen linked me to WinSCP I simply followed direction there, and made it work with Filezilla. Process is the same as described here.

These directions are for Windows only.

  1. Make sure you have downloaded Putty somewhere. Simply having putty.exe is sufficient (the command line interface). E.g. on your desktop
  2. Have an SFTP client installed (Filezilla or WinSCP for instance)
  3. Run this code from command line (The first path is obviously the directory where to execute the command):

C:\Users\<username>\Desktop> .\putty.exe <tunnel.server> -L 3111:<server-destination>:22

Example:

C:\Users\Bram\Desktop> .\putty.exe my.domain.com -L 3111:sub.domain.com:22
  1. Open up your SFTP client and use your normal credentials, but instead of the server address you use localhost with port 3111.
  2. You're done. Don't forget to keep the tunnel open until you're done!
Bram Vanroy
  • 1,347
1

~/.ssh/config:

Host internalmachine.mynet.com
    ProxyCommand ssh gateway.mynet.com exec nc %h %p
phresus
  • 1,002
0

Well, it depends. If the second server actually has a routable address (ie, its IP doesn't start with 10 or 192.168 or 172.16..-172.31..), then it should be possible. Except that its SSH server might only allow connections from the first server that you connect to. There are good security reasons for doing this - namely, that a public SSH server that does something important (like serving web pages) generally likes to be accessible from only a few IP addresses in order to keep people from breaking the passwords with dictionary attacks.

We are not the people to ask this question of. You should ask the administrator of the system in question why this is, and possibly if you can get your (fixed!) IP address set up as a trusted address on the final SSH server.

Ernie Dunbar
  • 707
0

Just found out you can use PuTTY to set up a tunnel, and then connect to it with whatever FTP program you want. Works great :)

(For whoever needs that solution as well: see How to transfer files when given two SSH accounts?)

ExpanDrive also works wonderfully and is incredibly easy to use.

Community
  • 1
mpen
  • 12,441