Connect to remote server through a trusted (by the server) proxy machine (using ssh tunneling or...











I have an application (APP) which runs on a remote computer (COMPUTER_A) and connects to another remote computer (SERVER) on a specific port (PORT) to retrieve some information. Now, I want to deploy and run APP on another remote computer (COMPUTER_B). The problem is that SERVER is quite restrictive and only accepts incoming connections from COMPUTER_A. Is there a way to run APP on COMPUTER_B but make SERVER think that the connections are coming from COMPUTER_A?



Some facts:




  • I have ssh access on both COMPUTER_A and COMPUTER_B, but not on SERVER.

  • I do not have any kind of access on SERVER. I treat it as a black box.

  • I do not have root privileges on COMPUTER_A and COMPUTER_B.

  • COMPUTER_A and COMPUTER_B cannot listen for incoming connections (except for the ssh ports).

  • COMPUTER_A and SERVER belong to the same internal network (TRUSTED_NETWORK).


Furthermore, SERVER also accepts requests from computers that are connected to the TRUSTED_NETWORK. This network is accessible via VPN. If I install APP on my personal laptop and connect to the VPN (via openconnect), then APP can communicate with SERVER successfully. However, I can't use openconnect on COMPUTER_B because it requires root access. I read online that it is possible to connect without root access (http://www.infradead.org/openconnect/nonroot.html) but all my attempts have failed so far.



Ideally I would like to achieve my goal using ssh tunneling, but answers using a "rootless" VPN solution are also welcome.



Here is my failed ssh-tunnel-based attempt:





  1. Connect from my laptop to COMPUTER_A:



    ssh user@COMPUTER_A 



  2. Run on COMPUTER_A:



    ssh -N -R 8888:SERVER:PORT user@COMPUTER_B



  3. This returns:



    debug1: remote forward success for: listen 127.0.0.1:8888, connect SERVER:PORT
    debug1: All remote forwarding requests processed



  4. Connect from my laptop to COMPUTER_B:



    ssh user@COMPUTER_B 


  5. I modify APP on COMPUTER_B to connect to 127.0.0.1:8888 and not to SERVER:PORT



  6. I run APP on COMPUTER_B and I see:



    debug1: client_input_channel_open: ctype forwarded-tcpip rchan 1 win 2097152 max 32768
    debug1: client_request_forwarded_tcpip: listen 127.0.0.1 port 8888, originator 127.0.0.1 port 49174
    debug1: connect_next: host SERVER ([SERVER_IP]:PORT) in progress, fd=6
    debug1: channel 0: new [127.0.0.1]
    debug1: confirm forwarded-tcpip
    debug1: channel 0: connected to SERVER port PORT


  7. Although the above output looks "positive", APP never gets a response from SERVER.











      ssh vpn ssh-tunneling openconnect






      edited Nov 30 at 20:53









      Rui F Ribeiro











      asked Nov 30 at 4:39









      AstrOne
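
A triage helper for the `ssh -v` output quoted in the question, added here as an example and not part of the original post: it reports the furthest stage a `-R` forward reached, using only the four debug message formats shown above. The names `triage`, `STAGES` and `HINTS`, the hint wording, and the sample host, address and port are all constructed for illustration.

```python
import re

# Stages in log order for an `ssh -R` forward (formats quoted in the question).
STAGES = [
    ("forward_registered", re.compile(
        r"remote forward success for: listen (?P<listen>\S+), connect (?P<target>\S+)")),
    ("channel_opened", re.compile(
        r"client_request_forwarded_tcpip: listen \S+ port \d+, originator (?P<originator>\S+)")),
    ("connect_in_progress", re.compile(
        r"connect_next: host (?P<host>\S+) \(\[(?P<ip>[^\]]+)\]:(?P<port>\d+)\) in progress")),
    ("tcp_connected", re.compile(
        r"channel (?P<channel>\d+): connected to (?P<host>\S+) port (?P<port>\d+)")),
]

# Reading of each final stage (editorial hints, not OpenSSH output).
HINTS = {
    None: "no 'remote forward success' line found",
    "forward_registered": "listener registered; no forwarded connection logged yet",
    "channel_opened": "a client reached the listener; no outbound connect logged",
    "connect_in_progress": "outbound connect started; no completion logged",
    "tcp_connected": "TCP connection to the target completed; a stall now is above TCP",
}

def triage(log_text):
    """Return the furthest stage reached and the fields captured on the way."""
    reached, fields = -1, {}
    for line in log_text.splitlines():
        for index, (name, pattern) in enumerate(STAGES):
            match = pattern.search(line)
            if match:
                fields[name] = match.groupdict()
                reached = max(reached, index)
    stage = STAGES[reached][0] if reached >= 0 else None
    return {"stage": stage, "hint": HINTS[stage], "fields": fields}

# Constructed sample: the question's lines with its placeholders replaced by
# made-up values (server.example.internal, 10.0.0.5, port 5000).
SAMPLE = """\
debug1: remote forward success for: listen 127.0.0.1:8888, connect server.example.internal:5000
debug1: All remote forwarding requests processed
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 1 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen 127.0.0.1 port 8888, originator 127.0.0.1 port 49174
debug1: connect_next: host server.example.internal ([10.0.0.5]:5000) in progress, fd=6
debug1: channel 0: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug1: channel 0: connected to server.example.internal port 5000
"""
print(triage(SAMPLE)["hint"])
```
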
