Score:2

SSH Config based on ssh command with port forwarding


I'm trying to convert the following SSH command into an SSH config file entry.

My command is as follows:

ssh -i identity-file.pem -L 20000:internal-host.com:8080 user@remote-host.com -N

And this is the current SSH file:

Host remote-host-tunnel
  IdentitiesOnly yes
  HostName remote-host.com
  User user
  PubKeyAuthentication yes
  IdentityFile ~/.ssh/identity-file.pem
  ServerAliveInterval 30

Host internal-host-forwarding
  LocalForward 20000 internal-host.com:8080
  Hostname internal-host.com
  ProxyCommand ssh remote-host-tunnel nc %h %p

I'm able to reach the tunnel as follows:

ssh remote-host-tunnel

Everything up until this point works fine

But then, when I want to access the internal-host it's not working

ssh internal-host-forwarding -N

The connection does not get established

Ncat: Connection timed out.

kex_exchange_identification: Connection closed by remote host

Connection closed by UNKNOWN port 65535

Score:2

You are trying to use the ProxyCommand with netcat to establish a connection to the internal host, but that is not necessary for port forwarding. Just combine the configurations of both hosts into a single entry like this in your ssh config file:

Host remote-host-tunnel
  IdentitiesOnly yes
  HostName remote-host.com
  User user
  PubKeyAuthentication yes
  IdentityFile ~/.ssh/identity-file.pem
  ServerAliveInterval 30
  LocalForward 20000 internal-host.com:8080

Now you can just connect to the remote-host-tunnel

ssh remote-host-tunnel -N

Edit: You can also create multiple entries for each internal host, like the example below:

Host remote-host-tunnel
  IdentitiesOnly yes
  HostName remote-host.com
  User user
  PubKeyAuthentication yes
  IdentityFile ~/.ssh/identity-file.pem
  ServerAliveInterval 30

Host internal-host-forwarding-1
  Hostname localhost
  Port 20000
  ProxyJump remote-host-tunnel
  LocalForward 20000 internal-host1.com:8080

Host internal-host-forwarding-2
  Hostname localhost
  Port 20001
  ProxyJump remote-host-tunnel
  LocalForward 20001 internal-host2.com:8080

And if you want to connect to internal-host-forwarding-1, do `ssh internal-host-forwarding-1 -N`

fingerprints
Thank you for your answer. This was my workaround as well, but I have multiple tunnels that were supposed to connect to different `internal-hosts` that need to go all through the same `remote-host`. That's why I was trying to keep them separated
Saxtheowl
You're welcome, I updated my answer
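
An added example, not part of the original thread or any poster's code: a Python check over ssh_config text that flags the pattern from the question (a `LocalForward` whose destination is also the proxied `HostName`), forwards bound beyond loopback, and two `Host` entries claiming the same local port. The finding names and the trimmed sample are assumptions made for illustration, and only plain `Host` blocks are read.

```python
import re
from collections import defaultdict

# Constructed sample: the question's two Host blocks, trimmed to the relevant keys.
SAMPLE = """\
Host remote-host-tunnel
  HostName remote-host.com
Host internal-host-forwarding
  LocalForward 20000 internal-host.com:8080
  Hostname internal-host.com
  ProxyCommand ssh remote-host-tunnel nc %h %p
"""

def parse(text):
    """Map each Host pattern to its (keyword, value) pairs; Match/Include are not handled."""
    blocks, current = {}, None
    for raw in text.splitlines():
        parts = re.split(r"\s*=\s*|\s+", raw.strip(), maxsplit=1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "host":
            current = blocks.setdefault(value, [])
        elif key == "match":
            current = None
        elif current is not None:
            current.append((key, value))
    return blocks

def lint(text):
    """Return (host, finding) pairs for LocalForward lines worth a second look."""
    findings, listeners = [], defaultdict(list)
    for host, options in parse(text).items():
        opts = {k: v for k, v in reversed(options)}  # first occurrence wins, as in ssh
        proxied = "proxycommand" in opts or "proxyjump" in opts
        for value in (v for k, v in options if k == "localforward"):
            listen, dest = value.split()
            bind, port = listen.rpartition(":")[::2]
            listeners[port].append(host)
            if bind not in ("", "localhost", "127.0.0.1", "[::1]"):  # "" = default bind
                findings.append((host, "non-loopback-bind"))
            # ssh must first log in to HostName itself, so sshd has to be reachable there.
            if proxied and dest.rpartition(":")[0] == opts.get("hostname"):
                findings.append((host, "forward-target-is-ssh-target"))
    findings += [(",".join(hosts), "duplicate-listen-port")
                 for hosts in listeners.values() if len(hosts) > 1]
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

The single-entry config from the answer produces no findings, because the forward is attached to the host that actually runs the SSH session.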