I have access to a Linux server via a multi-hop ssh:

ssh -L3880:localhost:3880 user@first-hop-server -t ssh -L3880:localhost:3880 user@end-server

This is fine for access through ssh. However, I also want to access the Apache web server on port 80 of the end server with a web browser.

I've found a solution without hopping, but I'm not sure how to adapt it. I'm on a macOS machine.

EDIT: If I try Tero's suggestion and activate -v on ssh, I see more or less:

debug1: Connection to port 3880 forwarding to localhost port 3880 requested.
debug1: channel 3: new [direct-tcpip]
debug1: Connection to port 3880 forwarding to localhost port 3880 requested.
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug1: channel 2: free: direct-tcpip: listening port 3880 for localhost port 3880, connect from 127.0.0.1 port 38535, nchannels 3
debug1: Connection to port 3880 forwarding to localhost port 3880 requested.
debug1: channel 4: new [direct-tcpip]

(it goes on, on different channels/ports, all refused)

Glasnhost

3 Answers

Since one Apache host can host multiple domains, you need to make sure that your browser sends the Host header when making an HTTP connection, or the corresponding TLS header with HTTPS.

In order to achieve this, you need to edit your /etc/hosts file so that it includes:

127.0.0.1 example.com

Where example.com is the domain you want to reach.

After that you can make an SSH tunnel like above, and open the website with http://domain.com:port in your browser.

Edit: You need to make the last forward to the server's HTTP port 80 or HTTPS port 443.

Tero Kilkanen
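Why the /etc/hosts entry in the answer above matters, as an added example that is not part of the original answers: an offline Python stand-in where a small name-based virtual host server plays Apache and a byte-for-byte TCP relay plays the `ssh -L` forward. The site names, response bodies and helper names (`start`, `fetch`, `relay`) are constructed for illustration.

```python
import http.client, socket, threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

SITES = {"example.com": b"example.com site"}  # constructed vhost table

class VHost(BaseHTTPRequestHandler):
    def do_GET(self):
        # Choose the site from the Host header (port stripped), like name-based vhosts.
        name = (self.headers.get("Host") or "").split(":")[0].lower()
        body = SITES.get(name, b"default vhost")
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # keep the demo quiet

def pipe(src, dst):
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)  # pass end-of-stream on to the other side
    except OSError:
        pass

def relay(listener, target_port):
    # Stand-in for "ssh -L": copies bytes both ways and never rewrites the Host header.
    while True:
        client, _ = listener.accept()
        upstream = socket.create_connection(("127.0.0.1", target_port))
        threading.Thread(target=pipe, args=(client, upstream), daemon=True).start()
        threading.Thread(target=pipe, args=(upstream, client), daemon=True).start()

def start():
    web = ThreadingHTTPServer(("127.0.0.1", 0), VHost)
    threading.Thread(target=web.serve_forever, daemon=True).start()
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=relay, args=(listener, web.server_port), daemon=True).start()
    return listener.getsockname()[1]  # the local "tunnel" port

def fetch(port, host):
    # Connect to 127.0.0.1 but present `host`, as a browser does after the hosts edit.
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": host})
    body = conn.getresponse().read()
    conn.close()
    return body

if __name__ == "__main__":
    p = start()
    print(fetch(p, f"localhost:{p}"), fetch(p, f"example.com:{p}"))
```

The same TCP path returns different sites depending only on the name the client presents, which is what the hosts entry changes for a browser.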
I modified it, using the second tunnel on port 80:

ssh -L3880:localhost:3880 user@first-hop-server -t ssh -L3880:localhost:80 user@end-server

So I understand that local port 3880 -> first-hop:3880, and from first-hop another tunnel takes port 3880 to webserver port 80.

And using Tero's suggestion, I now manage to open the website at http://domain.com:3880, having defined 127.0.0.1 domain.com in /etc/hosts.

Glasnhost
The best solution is Jump Proxy:

ssh -N -A -J user1@host1 -D 8123 user2@host2

Then you can use SOCKS locally via 127.0.0.1:8123.