How do I set up two hop ssh tunneling

Posted on 2011-10-14
Last Modified: 2012-08-13
I have a gateway system which is connected by vpn to a remote server.  I can ssh (or vnc) to the gateway from my host system and then ssh (or vnc) to the remote.  I would like to do this in one step, by creating a tunnel from the host system to the remote via the gateway.

I can create a local tunnel on the gateway system using ssh:
  [host] $ ssh gateway
  eager@gateway's password: ********
  [gateway] $ ssh -N -L 1234:remote:22 -f remote
  eager@remote's password: *******
  [gateway] $ ssh localhost -p 1234
  eager@localhost's password: *******   [password for remote]
  [remote] $

If I try to connect to the gateway port 1234 from the host system, it fails:
  [host] $ ssh gateway -p 1234
  ssh: connect to host gateway port 1234: Connection refused

Is there a way to set up a two hop tunnel:
  host:1234 ==> gateway:1234 ==> remote:22

Can this be done with SSH?  Or VPN?  
Question by:eager
    LVL 9

    Accepted Solution

    You are doing it the wrong way.

    The correct tunnel setting would be:
    [host] $ ssh -N -f -L 1234:remote:22 gateway
    eager@gateway's password: ******
    [host] $ ssh -p 1234 localhost
    eager@remote's password:

    Open in new window

    LVL 8

    Author Comment

    Thanks.  That was my confusion.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Suggested Solutions

    Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now