I am trying to connect to a server behind a firewall.
For this connection I have to use more than one jump server.
So I SSH local → user1@jump1 → user2@jump2 → user3@server.
I can connect directly to the server with
ssh -J user1@jump1,user2@jump2 user3@server
I want to tunnel a connection between Sublime Text on my local computer and rmate on the destination server. I followed the instructions on data36. In the description, the user just connects to one server with
ssh -R 52698:localhost:52698 user3@server
I have not found something similar for three servers. Is there an option to do this? Maybe someone could give me an example with the ports.
I have tried
ssh -R 52698:localhost:52698,52698:jump1:52698, 52698:jump2:52698, 52698:server:52698 -J user1@jump1,user2@jump2 user3@server
but this gives me the error:
Bad remote forwarding specification 52698:localhost:52698,52698:jump1:52698,52698:jump2:52698,52698:server:52698
The names jump1, jump2, and server stand for the respective IP addresses. So in the real ssh command, I use IP addresses and not names.
You were overthinking it. Port forwarding isn't done jump-to-jump on each connection. You establish the tunnel through all the links, and then forward your ports through the tunnel.
On the command line with
-J, the configuration must include the server and can also include user and/or port:[user@]host[:port].Standardizing
To make things easy (or to include other parameters for the jump hosts), put the config in ~/.ssh/config:
Then
ssh serveron the CLI will do all the hops and port forwarding automatically.