1

I have looked all around but couldn't find the answer to a very simple question:

I would like to log into machine C from machine A, passing through machine B. However, B is slow, so I would also like my connection to C to be compressed/decompressed at C, tunneled through B, and decompressed/compressed at A.

What ssh command should I execute (in machine A) to get a prompt at machine C when:

  1. I am physically at machine A.
  2. I can use ssh to log directly...

    2.1. ... into machine B from A

    2.2. ... into machine C from B

  3. I cannot log into machine C from A directly


[EDIT]

This is not a duplicate because:

  1. I am not asking how to forward traffic in general, only an ssh connection, so there could be a different answer for the particular case of ssh forwarding through ssh
  2. I am asking for compression at the ends (as even the title mentions)
ricab
  • 722
  • @bersch This is not a duplicate because this question is (currently) not limited to SSH (and SSH may not even be the best solution). – Hauke Laging Mar 06 '14 at 00:38
  • What does "through machine B" mean exactly? Is forwarding on IP level enough or is it required that you login to B first and create a new connection to C from there? – Hauke Laging Mar 06 '14 at 00:40
  • 1
    @bersch this is also not a duplicate because the OP specifically asks for compression details, the dupe just explains tunnels. – terdon Mar 06 '14 at 02:00
  • @HaukeLaging, this is an ssh question, but I want compression at the ends. Through machine B means "through some ssh process I own in machine B". For that I somehow have to login to B. – ricab Mar 06 '14 at 11:39
  • Also, this is not a duplicate because I want to tunnel an ssh connection, not traffic in general, and there could be a particular ssh solution for that. – ricab Mar 06 '14 at 11:54
  • You can make the A->B connection as light as possible encryptionwise. A long while back I found "blowfish" to be the least demanding so set that option on the A-B connection and then forward a local port to port 22 on C through so you can do the normal ssh connection that way. – Thorbjørn Ravn Andersen Mar 06 '14 at 13:08
  • Also note that ssh can provide a SOCKS5 proxy. That makes many network ninja tricks easier. – Thorbjørn Ravn Andersen Mar 06 '14 at 13:09

1 Answer

2

Assuming you have:

  • A with ip address ip_A
  • B with ip address ip_B
  • C with ip address ip_C

From a first terminal, connect to B and set up a tunnel to C over ssh (port 10022 is used for the tunnel, but it can be anything else):

ssh ip_B -L10022:ip_C:22

Then, from another terminal, you will be able to connect "directly" to C from A by using the tunnel you just set up, adding some compression options to the ssh command if needed:

ssh localhost -p 10022 -o "Compression=yes" -o "CompressionLevel=9"

In the last command, I set compression to maximum, but it can be tuned from 1 to 9, 9 being the highest, but also the slowest.

Ouki
  • 5,962
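
An added example, not part of the answer above: the same A -> B -> C path written as ssh_config stanzas for machine A, so that compression is negotiated only between A and C and the tunnelled host key is checked under C's own name. The function name and the aliases c-via-b and c-via-tunnel are hypothetical; ProxyJump assumes OpenSSH 7.3 or later on A.

```shell
#!/bin/sh
# Added example, not from the original answer. ip_B / ip_C are the answer's
# placeholders; gen_ssh_config and the two aliases are hypothetical names.

# gen_ssh_config HOP TARGET [LOCAL_PORT]
# Prints ssh_config stanzas for machine A:
#   c-via-b      - one-command form: relay through HOP with ProxyJump
#   c-via-tunnel - second terminal of the answer's "-L LOCAL_PORT:TARGET:22"
# Compression is enabled only for the A<->C session. The A<->B hop carries
# that session's ciphertext, which does not compress, so it is disabled there.
gen_ssh_config() {
    hop=$1
    target=$2
    port=${3:-10022}
    if [ -z "$hop" ] || [ -z "$target" ]; then
        echo "usage: gen_ssh_config HOP TARGET [LOCAL_PORT]" >&2
        return 2
    fi
    cat <<EOF
Host c-via-b
    HostName $target
    ProxyJump $hop
    Compression yes

Host c-via-tunnel
    HostName localhost
    Port $port
    # Verify C's host key under C's name, not as [localhost]:$port
    HostKeyAlias $target
    Compression yes

Host $hop
    Compression no
EOF
}

# Constructed usage: write a scratch config, then run "ssh -F FILE c-via-b"
# gen_ssh_config ip_B ip_C > ./ssh_config.example
```

Both forms still depend on B's sshd permitting the forward to ip_C:22 (AllowTcpForwarding, PermitOpen); a refusal there is reported as "administratively prohibited".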
  • This didn't work for me. I got this on the second terminal (when issuing the ssh localhost): ssh_exchange_identification: Connection closed by remote host; and at the same time, on the first terminal (sshed into B): channel 3: open failed: administratively prohibited: open failed – ricab Mar 05 '14 at 23:27
  • Seems you have firewall issues as well (I would assume on host B): SSH tunneling error - "channel 1: open failed: administratively prohibited: open failed" – Ouki Mar 06 '14 at 00:09
  • ... or your sshd configuration (but I was not able to reproduce your error). – Ouki Mar 06 '14 at 00:21
  • The problem was actually that I was using gateway aliases in place of ip_B and ip_C, and these actually refer to more than one physical machine. So these gateways need to block this kind of stuff, since you can be logged into one machine the 1st time and another one the 2nd. Once I chose particular machine IPs it worked. So thanks, your answer solved it :) – ricab Mar 06 '14 at 11:52
  • fwiw I found I had to add -4 (use IPv4) to the first ssh command or I'd get the 'administratively prohibited' message (which appears on B). – drevicko Jul 12 '19 at 13:22