SSH Rredirection

J

Juliet

Member
Oct 24, 2023
34
0
6
Hi,
I have a K8S cluser installed on proxmox host.
To access VMs created in Proxmox, I obliged to connect to the Proxmox server and then make another SSH connection to the desired VM .
This is not very practical in addition to posing obvious security problems.

is there a way please to do a SSH redirection HOST=> VM ?

I have tried this, but it didnt work :

Code: 
# redirection to the web server
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 32768 -j DNAT --to 192.168.1.2:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 32768 -j DNAT --to 192.168.1.2:22

where the 192.168.1.2 is the @ip of the master node.

thanks a lot
 
From man
-J destination
Connect to the target host by first making an ssh connection to the jump host described by destination and then establishing a TCP forwarding to the ultimate destination from there. Multiple jump hops may be specified
separated by comma characters. This is a shortcut to specify a ProxyJump configuration directive. Note that configuration directives supplied on the command-line generally apply to the destination host and not any
specified jump hosts. Use ~/.ssh/config to specify configuration for jump hosts."

So you can to ssh -J user@proxmox_node other@192.168.1.2
You can write it in the .ssh/config
Host vm-in-proxmox
HostName 192.168.1.2
ProxyJump proxmox_node

and than simply:
ssh vm-in-proxmox
 
garnus said:
From man
-J destination
Connect to the target host by first making an ssh connection to the jump host described by destination and then establishing a TCP forwarding to the ultimate destination from there. Multiple jump hops may be specified
separated by comma characters. This is a shortcut to specify a ProxyJump configuration directive. Note that configuration directives supplied on the command-line generally apply to the destination host and not any
specified jump hosts. Use ~/.ssh/config to specify configuration for jump hosts."

So you can to ssh -J user@proxmox_node other@192.168.1.2
You can write it in the .ssh/config
Host vm-in-proxmox
HostName 192.168.1.2
ProxyJump proxmox_node

and than simply:
ssh vm-in-proxmox
Click to expand...
Hi,
thanks for you time and reply.
if I understand, what I'm looking for is to avoid connecting to the proxmox Host in order to hit the master node.
I want to hit the master node direcrly via SSH.
 
Try this:
Code: 
iptables -A PREROUTING -t nat -i vmbr0 -p tcp --dport 32768 -j DNAT --to 192.168.1.2:22
iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 22 -j ACCEPT
 
garnus said:
Try this:
Code: 
iptables -A PREROUTING -t nat -i vmbr0 -p tcp --dport 32768 -j DNAT --to 192.168.1.2:22
iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 22 -j ACCEPT
Click to expand...
I did it, and i reboot peoxmox node, but nothing happen.
i cant do ssh directly into 192.168.1.2
 
garnus said:
Can you post the network configuration from the proxmox host?
Iptables config would be helpful too( iptables -n -L -t nat, iptables -n -L).
Do you have forwarding enabled?(https://linuxconfig.org/how-to-turn-on-off-ip-forwarding-in-linux)
Do you see the ssh traffic on the 192.168.1.2 in tcpdump?
Click to expand...
thanks from you help:
here's the /etc/network/interface
1706693577167.png
vmbr0 is for the host
vmbr2 is for the vms


Do you have forwarding enabled?(https://linuxconfig.org/how-to-turn-on-off-ip-forwarding-in-linux)
=> I have no idea
Do you see the ssh traffic on the 192.168.1.2 in tcpdump?
=> traffic of what ? can you tell the command to use I can test it.
 
1) Do you have forwarding enabled?(https://linuxconfig.org/how-to-turn-on-off-ip-forwarding-in-linux)
=> I have no idea --> you have, line that starts with post-up echo 1 > /proc....ip_forwarding
2) I would suggest to point the redirection to some other port like 4444(instead 22) in the ipbtables. Then on the VM open the port with
Code: 
nc -l -p 4444
open a console on the proxmox host and
Code: 
sudo tcpdump -i any port 4444
Then from your host try to connect to the port
Code: 
echo "test" | nc external_proxmox_ip 4444
You should see some traffic on the console with tcpdump and this would debugging the issue.
 
garnus said:
1) Do you have forwarding enabled?(https://linuxconfig.org/how-to-turn-on-off-ip-forwarding-in-linux)
=> I have no idea --> you have, line that starts with post-up echo 1 > /proc....ip_forwarding
2) I would suggest to point the redirection to some other port like 4444(instead 22) in the ipbtables. Then on the VM open the port with
Code: 
nc -l -p 4444
open a console on the proxmox host and
Code: 
sudo tcpdump -i any port 4444
Then from your host try to connect to the port
Code: 
echo "test" | nc external_proxmox_ip 4444
You should see some traffic on the console with tcpdump and this would debugging the issue.
Click to expand...
let me test this then I will get you back
 
I need some help from you to debug this, you didn't post iptables output and no tcpdump output.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back