SSH Experts: Is this possible?

I’ve got two machines, each behind a separate NAT. Both can SSH out, but neither can receive SSH connections. Port forwarding is not an option since one network drops nearly all incoming traffic before it gets to the NAT for security purposes, and we can’t reconfigure the router on the other one for bureaucratic reasons.

Both machines can SSH into a third easily accessible machine at the same time, however. Is it possible to build an SSH tunnel between the two machines, using the third as an intermediary, and then SCP files between them? Because that would totally solve all my life’s problems.

It is possible to do SSH over SSH, so I don’t see why not, just create an IP tunnel over SSH to the external box, say on port 8522 or something like that, then another one to the third computer. It should work out. I’m in a hurry so I can’t give you the command strings.

This is a step-by-step for a similar situation - hopefully it will be close enough for your purposes.

:smack:

I can’t believe I didn’t think of SSH over SSH. I set up a remote tunnel to port 54321 on the middle machine from port 22 on box1, and now I can SSH from box2 to box1 by simply doing

ssh -l friedo -p 54321 middlemachine

Hooray!

Thanks for the pointers.

I’m sure you’re aware of this, but just to be cautious: where before box1 was completely isolated behind the firewall, after you set up the remote tunnel, it now has port 22 open on the internet. Good passwords (as usual) are a good idea. Also, disallowing root access via ssh is wise.

Indeedily-doo. In fact, only public-key access from the one machine is being permitted. And this isn’t even going over the Internet, it’s to transfer stuff between two isolated small networks over a somewhat bigger isolated network.
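A concrete version of the setup described in this thread, added here as an example and not posted by anyone in it. It reuses the thread's middlemachine, user friedo and port 54321; the -J/ProxyJump route from box2 and the DRY_RUN switch are my own assumptions (ProxyJump avoids needing GatewayPorts on the middle machine, because OpenSSH binds a remote forward to loopback by default).

```shell
#!/bin/sh
# Reverse SSH tunnel through a jump host: box1 -> middlemachine <- box2.
# Hostname, user and port come from the thread; the rest is assumed.
MIDDLE=middlemachine
TUNNEL_USER=friedo
TUNNEL_PORT=54321
DRY_RUN=${DRY_RUN:-1}   # DRY_RUN=1 prints commands; set 0 on a real box to run them

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Run on box1: publish its sshd (port 22) as TCP 54321 on the middle machine.
# Binding to 127.0.0.1 keeps the port reachable only from the middle machine
# itself, not from every host that can reach the middle machine's interfaces.
# ExitOnForwardFailure makes ssh exit instead of silently running without the
# forward; the ServerAlive options drop dead sessions so the port frees up.
open_tunnel() {
  run ssh -N -f \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
    -R "127.0.0.1:${TUNNEL_PORT}:localhost:22" \
    "${TUNNEL_USER}@${MIDDLE}"
}

# Run on box2: reach box1 in one hop. -J (ProxyJump) relays the TCP stream
# through the middle machine, so the SSH session and box1's keys terminate on
# box1; the middle machine never sees box1 credentials in the clear.
box1_ssh() {
  run ssh -J "${TUNNEL_USER}@${MIDDLE}" -p "${TUNNEL_PORT}" "${TUNNEL_USER}@127.0.0.1" "$@"
}

# Run on box2: copy a local file to box1 over the same path.
box1_scp() {   # usage: box1_scp <local file> <remote path>
  run scp -o "ProxyJump=${TUNNEL_USER}@${MIDDLE}" -P "${TUNNEL_PORT}" "$1" "${TUNNEL_USER}@127.0.0.1:$2"
}

# Hardening for box1's sshd now that its port 22 is exposed through the tunnel
# (the points raised in the thread): key-only auth, no root, one allowed user.
box1_sshd_hardening() {
  printf '%s\n' "PermitRootLogin no" "PasswordAuthentication no" "AllowUsers ${TUNNEL_USER}"
}
```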