tunnel from a computer to mine so for access to server via sftp-client

dilbertone · May 7, 2014, 2:27pm

hello

run opensuse 13.1 :: and i have access to a server via sftp:

question: can a friend tunnel from another computer to mine so that he can use my sftp-client on my machine!?
is this possible!?
**
In other words**: we have a situation where I have a SSH/SFTP access from my workstation to a server
Now a friend - livin somewhere else should use this access - which only works from my machine:

Note the server is not (!!) directly accessable from his workstation.

What is needed: We need to have ssh access from his computer to mine - so that he can then ssh to the server in question.

How can I accomplish this?

idea: Why can we not just ssh from #1 to console on #2 then ssh from machine #2 to console 3 within the session?

hmm: this is called “leapfrogging”

tsu2 · May 7, 2014, 5:10pm

You probably need to further describe whether you’re satisfied with his “just” using an app on your machine (eg sftp) or if you want to try to configure a connection from his machine to the resource transparently passing through your machine.

The way you worded your request, probably the simplest is for him to SSH into your machine and then run sftp to the resource. Of course, that will only enable ftp between your machine and the resource (not his machine immediately). If he also wants the resource, in this scenario, he would download a file to your machine, and then transfer the file to his machine is a separate network transaction.

TSU

dilbertone · May 7, 2014, 6:43pm

hello dear tsu

thx for the reply

i would be glad if he can use one app - eg the sftp-client (filezilla) remotely
is this doable

note - the server that needs to be reached with the sftp allows only access from a certain ip-range.
so we need to go this way - to set up such a - way that goes from

his computer to
mine and then to
the server

i hope i was able to explain.

love to hear from you

greetings

btw. - i use filezilla. can we do some easy way to solve the issue?

malcolmlewis · May 7, 2014, 7:23pm

On Wed 07 May 2014 04:46:01 PM CDT, dilbertone wrote:

hello dear tsu

thx for the reply

tsu2;2641740 Wrote:
> You probably need to further describe whether you’re satisfied with
> his “just” using an app on your machine (eg sftp) or if you want to
> try to configure a connection from his machine to the resource
> transparently passing through your machine.
>
> The way you worded your request, probably the simplest is for him to
> SSH into your machine and then run sftp to the resource. Of course,
> that will only enable ftp between your machine and the resource (not
> his machine immediately). If he also wants the resource, in this
> scenario, he would download a file to your machine, and then transfer
> the file to his machine is a separate network transaction.
>
> TSU

i would be glad if he can use one app - eg the sftp-client (filezilla)
remotely
is this doable

note - the server that needs to be reached with the sftp allows only
access from a certain ip-range.
so we need to go this way - to set up such a - way that goes from

his computer to
mine and then to
the server

i hope i was able to explain.

love to hear from you

greetings

btw. - i use filezilla. can we do some easy way to solve the issue?

Hi
The easy way to solve is to allow his ip address direct, with this
method your proposing is it allowable to the final host
(owners/admins)? Else it’s a potential security breach.

You can enable port forwarding on your system sshd_config and then
create a tunnel, it will need an ssh terminal session(s) though, unless
filezilla can run the commands during the connection?

There are plenty of howto’s on the net on what needs to be done via
command line, so could also be scripted. What host OS is the user on
wanting to connect from, if windows, then look at using putty to do
the job in creating the tunnel?

–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-7-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

dilbertone · May 9, 2014, 5:20pm

hello dear malcom

many many thanks for the great tipps.

putty - great!!

look into all that

greetings

dmera · May 15, 2014, 9:14pm

i don’t have anything new to say but maybe said in a different way would make things clear. so first thing would be to connect from the friend machine to yours. via ssh would be secure. that can be done from a terminal in a linux machine or windows (putty,exceed, other apps). in order for your friend to reach your machine he needs either an account created on your machine to which he has the credentials or using your id(up to you to handle the security issues). once this is established you can connect to any machine to which your machine can reach to via any protocol you decide to use(sftp it seems). so first can you reach to your machine from your friend’s machine? is it behind a firewall and not accessible? then you’ll have to deal with your company policies. if yes then that’s it.