My home computer is behind an ISP-level NAT (and firewall).

The target computer is a work computer behind a gateway. You have to log in to the gateway computer first via SSH (as it is the only one visible and with access from the Internet). The SSH daemon on this gateway is configured to allow only 'keyboard-interactive' logins (i.e. no password-less public-key login). Then you log in to the target computer using public-key based login (only).

How do I set up SSH tunnels (I would probably need two of them: forward and reverse), so that after setting those up I can log in from my home computer directly to the host computer, and vice versa, both without providing a password?

I'd like to be able to, for example, synchronize my private git repositories (pushing from home to target, and fetching from target to home).


Note that this is a more involved setup than the one described in the question "How can I forward traffic from my publicly available server to a computer that is not publicly available?"

1 Answer

You're looking for something like this, I believe:

(Let's call the first server 'gateway1', and the second server 'gitrepo1')

ssh -L 8022:gitrepo1:22 gateway1

Then, with your private key locally on your home computer, you should be able to do the following to get to your git repo server:

ssh -i /path/to/your/key localhost -p 8022

I'm a little concerned that I'm missing something as I don't see a need for more than one tunnel in this situation.

  • That allows logging in from home to gitrepo1; I was wondering about logging in from gitrepo1 to home. – Jakub Narębski May 27 '11 at 14:41
  • Ah, yes, "and vice versa", I missed that. The reverse proxy would be something like ssh -R localhost:8022:localhost:22 gateway1, which would allow connections on gateway1:8022 to be proxied back to your home PC port 22 (SSH) -- CAUTION: anyone who has access to gateway1 can now SSH to your system! – Kyle Smith Jun 03 '11 at 20:27
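
How far the exposure in that caution reaches depends on where sshd on gateway1 binds the reverse listener. The helper below is an added example, not part of the original answer or comments; `reverse_bind_scope` is a hypothetical name, and it assumes the `GatewayPorts` semantics documented in sshd_config(5) and the `-R [bind_address:]port:host:hostport` form from ssh(1).

```shell
#!/bin/sh
# Added example (not from the original thread). reverse_bind_scope is a
# hypothetical helper name. It reports where sshd on the gateway will bind
# the listener requested with: ssh -R [bind_address:]port:host:hostport
#   $1 = the -R argument
#   $2 = GatewayPorts on the gateway: no (sshd default) | yes | clientspecified
# Prints: loopback | wildcard | address:<addr>
reverse_bind_scope() {
    spec=$1
    gp=${2:-no}
    case $spec in
        \[*\]:*)                       # bracketed IPv6 bind address
            bind=${spec#\[}; bind=${bind%%\]*}; given=1 ;;
        *)
            # Mask a bracketed IPv6 destination so its colons are not counted.
            masked=$(printf '%s' "$spec" | sed 's/\[[^]]*\]/H/g')
            colons=$(( $(printf '%s' "$masked" | tr -cd ':' | wc -c) ))
            case $colons in
                3) bind=${spec%%:*}; given=1 ;;
                2) bind=; given=0 ;;
                *) echo "unsupported -R spec: $spec" >&2; return 2 ;;
            esac ;;
    esac
    # The server's GatewayPorts policy overrides the client's request.
    case $gp in
        no)  echo loopback; return 0 ;;
        yes) echo wildcard; return 0 ;;
        clientspecified) ;;
        *) echo "unknown GatewayPorts value: $gp" >&2; return 2 ;;
    esac
    [ "$given" -eq 1 ] || { echo loopback; return 0; }
    case $bind in
        ''|'*'|0.0.0.0|::)   echo wildcard ;;
        localhost|127.*|::1) echo loopback ;;
        *)                   echo "address:$bind" ;;
    esac
}

# The reverse tunnel from the comment above, under each server policy.
for policy in no clientspecified yes; do
    printf 'GatewayPorts %-15s -> %s\n' "$policy" \
        "$(reverse_bind_scope localhost:8022:localhost:22 "$policy")"
done
```

A result of `loopback` still means every local account on gateway1 can connect to port 8022, which is the case the caution describes; `wildcard` extends that to any host that can reach gateway1 on that port.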