Topic: SSH to an internal host

[filk]

I have just set up an additional server behind a SME 5.5 box.  I would like to be able to directly ssh into this server even though I only have 1 IP address.  According to the documentation: http://edocs.mitel.com/6000_SME_Server/smeserveruserguide/English/admin-hostnames.html

Where this gets complicated is when you want "research.mycompany.xxx" to be accessible both inside and outside your local network. The challenge is that your local IP addresses are only accessible inside your network. For that reason, the target computer system will need to have two network interface cards - one connected to the internal network and one connected to the external network. You would then enter both IP addresses in this screen in the "Local IP" and "Global IP" fields. Note that this will only work if you are a ServiceLink subscriber as the server alone does not update public DNS information.

Is there any other way to get direct ssh access to the internal server without two NIC's?

[Dan Brown]

To SSH directly to an internal host, you're going to need two IP addresses; there's just no way around that without disabling ssh access to the SME server (if you were willing to live with that, I suppose you could forward all port 22 traffic to the internal host).  A better solution would be to either (1) ssh to the sme, and ssh from the sme to the internal host, or (2) ssh to the SME, setting up an ssh tunnel which would direct port 22 on your machine to port 22 on the internal host.  Then ssh to the internal host though the tunnel.

The SSH tunnel approach is probably the more elegant of the two; there are contributed HOWTOs on setting it up.

[filk]

That's what I was afraid of.  I still want to be able to ssh to the SME server.  What I was really trying to do is rsync via ssh from external servers to the internal server.  From your response and from my research, it looks like I'll have to talk to my ISP about an additional IP.  Thanks for your help.

[Charlie Brady]

Dan Brown wrote:
 
> To SSH directly to an internal host, you're going to need two
> IP addresses; there's just no way around that without
> disabling ssh access to the SME server (if you were willing
> to live with that, I suppose you could forward all port 22
> traffic to the internal host).

There's nothing to say that you can only use the SSh protocol on port 22. So you could port forward, say, port 23 on the SME server to port 22 of the internal host, and then have inbound ssh to both servers - port 22 to the SME server and port 23 to the internal host.

Charlie

[Dan Brown]

Oh, duh...  Should have thought of that one.

[filk]

I'll give that a shot.  I just need to read up on rsync to see if I can specify an alternative ssh port.  Or I will forward all port 22 traffic to the internal server and set the SME server ssh on port 23.