3

I have created a web service running on a protected server (CentOS, 123.123.123.123:8192); we can only log in to the web server via SSH from a jump server (say 111.111.111.111). I can log in to the web server via SSH (first log in to the jump server, then jump to the web server). Now I want to make an HTTP request to the web server. How do I set up the SSH tunnel to make it work? Or, if the current limitations make that impossible, what is the most secure way to open a door to make it possible?

Other limitations:

  • the web server can only access the database; other outbound traffic is disabled (no yum, no ping, etc.)
  • the jump server's SSH server listens on a redefined port, say 32220.
  • the user names on the web server (ws) and the jump server (js) are different.
coanor

1 Answer

10
ssh -L 8192:192.0.2.3:8192 198.51.100.7

then access http://localhost:8192/

What this does is:

-L = Listen on a local port (where the ssh client is running)

8192 = Listen on port 8192

192.0.2.3:8192 = When a connection comes in to 8192 to the ssh client, forward that across the SSH tunnel and connect out to 192.0.2.3:8192

198.51.100.7 is the normal "server you want to ssh to"

Paul
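
The forward from the answer, adapted to the constraints stated in the question (jump server sshd on port 32220, account js on the jump server), as an added example that is not part of the original answer. The control-socket path and the `run` argument are hypothetical choices; the hosts and ports are the question's placeholders.

```shell
#!/bin/sh
# Added example. Hosts, ports and the "js" account are the question's placeholders.
JUMP_USER=js
JUMP_HOST=111.111.111.111
JUMP_PORT=32220                      # jump server's non-default sshd port
WEB_HOST=123.123.123.123             # dialed by the jump server, not by the client
WEB_PORT=8192
LOCAL_PORT=8192
CTL="$HOME/.ssh/ws-tunnel.ctl"       # hypothetical control-socket path

# -L argument. The explicit 127.0.0.1 bind keeps the tunnel entrance
# unreachable from other machines on the workstation's network.
forward_spec() {
    printf '127.0.0.1:%s:%s:%s' "$LOCAL_PORT" "$WEB_HOST" "$WEB_PORT"
}

# URL to request once the tunnel is up.
local_url() {
    printf 'http://127.0.0.1:%s/' "$LOCAL_PORT"
}

# Open the tunnel in the background.
#   -N     no remote command, forwarding only
#   -f     go to background after authentication
#   -M/-S  control socket, so the tunnel can be closed cleanly later
#   ExitOnForwardFailure: fail instead of leaving a session with no forward
open_tunnel() {
    ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes \
        -p "$JUMP_PORT" -L "$(forward_spec)" "$JUMP_USER@$JUMP_HOST"
}

# Ask the background master process to exit, which removes the listener.
close_tunnel() {
    ssh -S "$CTL" -O exit -p "$JUMP_PORT" "$JUMP_USER@$JUMP_HOST"
}

# Run the whole procedure only when invoked as: sh tunnel.sh run
if [ "${1:-}" = "run" ]; then
    open_tunnel || exit 1
    curl -sS -o /dev/null -w '%{http_code}\n' "$(local_url)"
    close_tunnel
fi
```

The ws account is not used here, because the jump server's sshd opens a plain TCP connection to the web service and no SSH session to the web server is involved. The forward works only if the jump server's sshd permits TCP forwarding (`AllowTcpForwarding` in `sshd_config`).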