Multi hop ssh connections with Putty

Kent Fredric kentfredric at
Fri Jun 20 21:27:06 BST 2008

I'm not excessively familiar with putty, ( ok, I used it for a year,
but I don't have it handy, and I don't memorize how windows apps work
) but I know ssh rather well, and they appear to have the same syntax.

Using and
as a guide,

The most common problem I have with SSH is I confuse "Local" and
"Remote" terminologies.

in "Local" mode, once the forward is established, querys to  "Source"
on Localhost (near side) will be forwarded to the destination.(far
in "Remote" mode, "source" on the remote host ( far side)  is
forwarded to "destination" ( near side )

>From what I've read you have this

A: Your computer
B: Intermediary
C: Final Host.  ( IP relative to B's view of the network )

Ill assume that  B:D   is a viable port on B running an SSH server,
C:E  is a port on C running an SSH server,
and C:F is a port on C running an HTTP server.

And you want to be able to tunnel stuff on C to A.

plink B -l someUser -P D -L X:C:E

( ie  plink -l someUser -P 6969 -L 10010: )

this makes the ssh server on C appear on A at port X, so that logging into
A:X ( a local port on local host )  with putty will give you host C  (
ie: ssh will work )

plink B -l someUser -P D -L X:C:F

( ie  plink -l someUser -P 6969 -L 8080: )

Will make http port on C appear at X on A.

The Visual Representation of this ( at least to my recollection ) is
using the "Local" page on portforwarding in putty ( as in image ) and
set the pairs
   SOURCE = X    (  10010 )
   SOURCE = X    (  8080 )

Side note, there a handy trick you can use with this if you have a box
you need to forward arbitrary ports on but it only can perform
outgoing connections, and is completely firewalled from inbound

Have the remote box do this:

  ssh -R 12345:  youruser at yourHost

This will make their box's ssh server appear on your computer at port
12345, permitting you to use

 ssh remoteuser at yourHost -P 12345


 ssh -L 8080: remoteuser at yourHost -P 12345

to set up port forwards as you please.

Hope that helps :)

ruby -e '[1, 2, 4, 7, 0, 9, 5, 8, 3, 10, 11, 6, 12, 13].each{|x|
print "enNOSPicAMreil kdrtf at"[(2*x)..(2*x+1)]}'

More information about the mailing list