I have a bit of a mess I'm trying to accomplish. I'll layout my setup first:


Home Machine *Dynamic IP* SSH Tunnel to *Web Server #1*(active at all times)

*Web server #1* *Static IP* SSH Tunnel to *Web Server #2*(active when connection received from *Workstation Office*

*Workstation office* Behind a scary government firewall(I work for the government).


So, to clarify, I want to SSH from *Workstation office* to *Webserver #2* which should then active an SSH tunnel to *Webserver #1* and forward me to that machine and in doing so forwards me to *Home Machine*.


Its a very complicated setup and am willing to simplify. However, I do NOT have access to the router at my home location(not my permanent residence) so cannot configure a dyndns account(reason for SSH tunnel).

Any ideas?

Yes, the webservers are Linodes and unfortunately, I can't divulge the reason for the hop between the two webservers. Sorry about that.

I'm not sure it's safe for us to help you tunnel out of a big, creepy organisation like the National Securit&^$3#.0(* NO CARRIER

_________________
/ Peter

See, you brought that on yourself. Now I have to come up with some excuse to 'deal' with your family....

Just my $.02, but I don't think scary government firewalls are the best place for you to learn...

I'll certainly take that under advisement but that's not my question.

I only saw one question, and I think my answer is appropriate
You don't actually say which part of your setup you have a problem with, or what you want to be able to access on the Home Machine, so all I could comment on was that I thought it was a bad idea :>

I'll simplify this I suppose. How feasible is it to accomplish a tunneled SSH connection/SSH forwarding to access a /home partition on my home machine from my workstation using the 2 web servers as hops/forwards?

I think if you can get out of your scary firewall, then it is just a matter of repeating the same ssh tunnel to your second webserver. The connection from home may be tricky if it is not 100% reliable - then you'll need a script to reconnect as needed. If it were me, I would use OpenVPN from home to webserver since it will automatically reconnect whenever the ip changes or the connection times out.

Interesting idea. I'll try OpenVPN with a script to maintain the connection. I'm curious though, once I get from my workstation to Server #1, how would I access my home machine?

P.S. I'm through the work firewall...helps when you control it I suppose...

With OpenVPN, you set up a whole new subnet with (fixed) private IPs, like 192.168.25.1. So your home machine now has a fixed IP, and you just SSH (or whatever) to it. IMO, OpenVPN really is the right solution for this, and BTW, you don't have to script to keep the link up, OpenVPN takes care of it.

_________________
The irony is that Bill Gates claims to be making a stable operating system and Linus Torvalds claims to be trying to take over the world.
-- seen on the net

If you set up Web Server 1 as an OpenVPN server, then both your Home Machine and Workstation Office can connect to it and share a private IP space as SteveG mentioned. If you really need the connection from work to be ssh and you must have the extra hop, then set up an ssh tunnel from work to Server 2 for the OpenVPN port.

Now, you'll have ssh traffic from work to server 2, and OpenVPN traffic between home, server 1, and server 2.

If you must have ssh between server 1 and server 2, another ssh tunnel is as simple as the first one.

In either case, with this setup you would have full network connectivity between work and home computers.

Very neat stuff. I'll start tinkering with that immediately. Should be quite the challenge. Thanks again everyone.

hrmmmm NSAjeff ???

Has the NSA been infiltrated by a double-agent, attempting to use Linode to get classified data out of the building??

hamachi worked great for me in the past. but cant get it to work on the linode centos distros.