Create ssh config to VNC server with tunnel via intermediate machine

I recently found out about the ssh config file, where one can set up frequently used ssh connections. However, I am having trouble transforming one command which connects my computer to a VNC server running on my server, which is hidden behind an intermediate server. Basically, transform this command (which works):

ssh -t -L port1:localhost:port2 user1@machine1.com ssh -L port2:localhost:port3 user2@machine.com

with vncviewer localhost:0 in a separate window, into an ssh config file. I managed to create a config which connects to the machine without throwing any Failed to set up port messages, but when I run in a separate terminal window

vncviewer localhost:0

I get an error. In case the ~/.ssh/config is set in this way (my own try):

 Host machine1
   HostName machine1.com
   User user1
   LocalForward port1 localhost:port2
   RequestTTY force

 Host machine2
   HostName machine2.com
   User user2
   LocalForward port2 localhost:port3
   ProxyJump machine1

and run with ssh machine2 and then vncviewer localhost:0 in a new terminal window, the error is "Failed to connect to localhost:0": unable to connect to socket: Connection refused (111).

In the case I set it up as mentioned here:

Host machine2
  HostName machine2.com
  User user2
  LocalForward port1 user1@machine1:port2
  LocalForward port2 user2@machine2:port3
  RequestTTY force

I get an error saying The connection was dropped by the server before the session could be established.
In both cases I connect to machine2 in terminal window and can browse stuff. But I would like to connect to the vncserver also.

Can you please explain what I am doing wrong here? I was consulting these sources when creating any other ssh config:
https://linuxize.com/post/using-the-ssh-config-file/ — beginners guide

https://man7.org/linux/man-pages/man1/ssh.1.html — to look up the definition of every -t -L I used

https://phoenixnap.com/kb/ssh-config — to translate -t -L to ssh config command

https://www.ssh.com/academy/ssh/tunneling-example — to explain whether I need LocalForward or Remote Forward

Asked By: Arual

||

The first configuration seems fine. As for the second configuration, LocalForward requires a hostname and you’ve provided user@address; see [1].

Go with your first configuration (I’ve edited your first config below) and run

ssh -v -J machine1 machine2 -NL <p1>:localhost:<p2> # -v print ssh debugging messages
# <p1> : port on your computer
# <p2> : vnc port on machine2

Edited ssh config:

 Host machine1
   HostName machine1.com
   User user1
   #Port 22

 Host machine2
   HostName machine2.com
   User user2
   ProxyJump machine1
   #Port 22
   #LocalForward <p1> localhost:<p2>
   # <p1> port on your computer
   # <p2> port on machine2

[0] ssh with the -v flag will allow you to understand what’s going wrong with your connection.

[1] https://linux.die.net/man/5/ssh_config

[2] More info on proxy jump https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts#Jump_Hosts_–_Passing_Through_a_Gateway_or_Two

[3] More info on proxy jump https://www.infoworld.com/article/3619278/proxyjump-is-safer-than-ssh-agent-forwarding.go

Answered By: davidt930
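
The answer's point that LocalForward takes a hostname rather than user@address, as an added example that is not part of the original answer: a small Python check over ssh_config text. The function name, the numeric ports in the constructed sample, and the extra check for a wildcard bind address (which ssh_config(5) documents as making the forwarded port available from all interfaces) are assumptions added here.

```python
# Added example, not from the original post: lint LocalForward lines in ssh_config text.

# Bind addresses that make ssh listen on every interface instead of loopback only.
WILDCARD_BINDS = {"", "*", "0.0.0.0", "[::]"}

# Constructed sample based on the question's second config; the numeric ports
# are placeholders chosen for illustration, not values from the page.
SAMPLE_CONFIG = """\
Host machine2
  HostName machine2.com
  User user2
  ProxyJump machine1
  LocalForward 5900 user2@machine2:5901
  LocalForward *:5902 localhost:5901
  LocalForward 5903 localhost:5901
"""


def lint_local_forwards(config_text):
    """Return a list of (host, lineno, message) findings for LocalForward lines."""
    findings, host = [], None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        fields = raw.strip().split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        key, args = fields[0].lower(), fields[1:]  # keywords are case-insensitive
        if key == "host":
            host = " ".join(args)
        if key != "localforward":
            continue
        if len(args) != 2:
            findings.append((host, lineno, "expected: [bind_address:]port host:hostport"))
            continue
        listen, target = args
        bind, sep, _port = listen.rpartition(":")
        if "@" in target:
            # The login user comes from User/ProxyJump, never from the forward target.
            findings.append((host, lineno, "target must be host:hostport, user@ is not accepted"))
        if sep and bind in WILDCARD_BINDS:
            # An explicit empty or wildcard bind exposes the tunnel to the network.
            findings.append((host, lineno, "listens on all interfaces, not only localhost"))
    return findings


if __name__ == "__main__":
    for host, lineno, message in lint_local_forwards(SAMPLE_CONFIG):
        print(f"{host} line {lineno}: {message}")
```
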