Ssh – Create a Virtual Host using SSH


I have the following setup:

  • A machine on the local network that is connected to a VPN on another network, let's call it machine A
  • A machine on the local network that has access to machine A, but with no access to the VPN. Let's call it machine B.

Now if I want to access hosts inside the VPN from machine B, I could certainly do ssh forwarding or chained ssh calls (e.g. ssh machine-a ssh machine-vpn) but that gives me only limited access (i.e. as many ports as I specify in SSH tunnel using the -L option). Is there a way to create some sort of "Virtual Host" using SSH such that any connection to that Virtual Host in SSH will be forwarded to the target host inside the VPN, regardless of the port? To put the question in another way:

From machine A:

ssh -L 16000:machine-vpn:22 machine-a #creating the initial tunnel to the SSH port on machine-vpn
#now ssh -p 16000 localhost does an SSH to the machine behind the vpn
#create the Virtual Host somehow using SSH, call the virtual host vhost
ssh vhost #this will ssh to the machine behind the vpn, using ssh tunnel
ftp vhost #this will ftp to the machine behind the vpn, using ssh tunnel

Is there any way to do that kind of thing?

Best Answer

SSH also supports dynamic forwarding. By specifying a dynamic port, the ssh client will create a SOCKS5 proxy which you can then use to forward all traffic and have it leave from the remote host.

ssh -D2000 machine-a

You can configure most programs (browsers, ftp, etc.) to use a SOCKS proxy. All you would need to do in this example is point to localhost:2000 as a SOCKS proxy.
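
What a program does once it is pointed at localhost:2000, as an added example that is not part of the original answer: a minimal SOCKS5 (RFC 1928) client that asks the proxy to connect by hostname, so the name is resolved on the far side of the tunnel instead of by machine B's own resolver. The function names are hypothetical; machine-vpn and port 2000 are taken from the post.

```python
import socket
import struct

VER, CMD_CONNECT, ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 5, 1, 1, 3, 4

def build_greeting() -> bytes:
    # VER, NMETHODS=1, METHODS=[0x00 "no authentication"]
    return bytes([VER, 1, 0])

def build_connect(host: str, port: int) -> bytes:
    # ATYP_DOMAIN sends the name itself, so the far end of the tunnel resolves it
    name = host.encode("idna")
    if not 1 <= len(name) <= 255 or not 0 < port < 65536:
        raise ValueError("bad host or port")
    return bytes([VER, CMD_CONNECT, 0, ATYP_DOMAIN, len(name)]) + name + struct.pack("!H", port)

def check_reply(head: bytes) -> None:
    # head is VER, REP, RSV, ATYP; REP 0 means the proxy opened the connection
    if len(head) != 4 or head[0] != VER:
        raise ConnectionError("not a SOCKS5 reply")
    if head[1] != 0:
        raise ConnectionError(f"proxy refused the request (REP={head[1]})")

def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def open_via_socks(host: str, port: int, proxy=("127.0.0.1", 2000)) -> socket.socket:
    s = socket.create_connection(proxy, timeout=10)
    try:
        s.sendall(build_greeting())
        if recv_exact(s, 2) != bytes([VER, 0]):
            raise ConnectionError("proxy did not accept 'no authentication'")
        s.sendall(build_connect(host, port))
        head = recv_exact(s, 4)
        check_reply(head)
        # Skip BND.ADDR and BND.PORT so the socket is positioned at application data
        alen = {ATYP_IPV4: 4, ATYP_IPV6: 16}.get(head[3]) or recv_exact(s, 1)[0]
        recv_exact(s, alen + 2)
        return s
    except Exception:
        s.close()
        raise

if __name__ == "__main__":
    with open_via_socks("machine-vpn", 22) as conn:  # needs `ssh -D2000 machine-a` running
        print(conn.recv(64))  # the SSH server's version banner
```

The greeting offers only the "no authentication" method, so anything able to reach the listening port can use the tunnel; the proxy address here is the loopback interface for that reason.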