Our production servers are accessed through jump hosts. For example, if I want to log in to host C, I have to SSH to host A. From host A, I can SSH to host B, and from host B I can then SSH to host C.
I am using SecureCRT as my SSH client. I found that when I need to transfer a file to host C, I can use the ZMODEM protocol to send the file to host C directly from my computer. This bypasses hosts A and B.
So how does it do this? Could I write a program that uses ZMODEM to send files instead of doing it with mouse operations?
SSH tunneling
SSH port forwarding is a mechanism in SSH for tunneling application ports from the client machine to the server machine, or vice versa. It can be used for adding encryption to legacy applications, going through firewalls, and some system administrators and IT professionals use it for opening backdoors into the internal network from their home machines. It can also be abused by hackers and malware to open access from the Internet to the internal network.
In OpenSSH, local port forwarding is configured using the -L option:
This example opens a connection to the gw.example.com jump server, and forwards any connection to port 80 on the local machine to port 80 on intra.example.com.
By default, anyone (even on different machines) can connect to the specified port on the SSH client machine. However, this can be restricted to programs on the same host by supplying a bind address:
The LocalForward option in the OpenSSH client configuration file can be used to configure forwarding without having to specify it on command line.
Remote forwarding
In OpenSSH, remote SSH port forwardings are specified using the -R option. For example:
This allows anyone on the remote server to connect to TCP port 8080 on the remote server. The connection will then be tunneled back to the client host, and the client then makes a TCP connection to port 80 on localhost. Any other host name or IP address could be used instead of localhost to specify the host to connect to.
This particular example would be useful for giving someone on the outside access to an internal web server, or for exposing an internal web application to the public Internet. This could be done by an employee working from home, or by an attacker.
By default, OpenSSH only allows connecting to remote forwarded ports from the server host. However, the GatewayPorts option in the server configuration file sshd_config can be used to control this. The following alternatives are possible:
This prevents connecting to forwarded ports from outside the server computer.
This allows anyone to connect to the forwarded ports. If the server is on the public Internet, anyone on the Internet can connect to the port.
This means that the client can specify an IP address from which connections to the port are allowed. The syntax for this is:
In this example, only connections from the IP address 52.194.1.73 to port 8080 are allowed.
Thanks to: https://www.ssh.com/ssh/tunneling/example
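As an added example (not part of the answer above and not OpenSSH's own code), the following Python models the GatewayPorts rules quoted in the answer: it parses a `[bind_address:]port:host:hostport` forwarding spec, reads the effective global GatewayPorts value from an sshd_config (the sample config is constructed), and reports where sshd would bind the -R listener, so an administrator can check what a server would expose before allowing remote forwards.

```python
import re

# Constructed sample sshd_config; in OpenSSH the first occurrence of a keyword wins.
SAMPLE_SSHD_CONFIG = """\
GatewayPorts clientspecified
GatewayPorts yes          # ignored: first occurrence wins
Match User deploy
    GatewayPorts no       # inside a Match block: conditional, skipped by this audit
"""

def parse_forward(spec: str) -> dict:
    """Split '[bind_address:]port:host:hostport' (the -L/-R syntax); bracketed IPv6 stays intact."""
    parts = re.findall(r"\[[^\]]*\]|[^:]+", spec)
    if len(parts) == 3:
        # a leading ':' is an empty bind address, which OpenSSH treats as the wildcard
        bind = "*" if spec.startswith(":") else None
        port, host, hostport = parts
    elif len(parts) == 4:
        bind, port, host, hostport = parts
    else:
        raise ValueError(f"malformed forwarding spec: {spec!r}")
    return {"bind": bind, "port": int(port), "host": host, "hostport": int(hostport)}

def gateway_ports_setting(sshd_config: str) -> str:
    """Effective global GatewayPorts: comments stripped, case-insensitive keys, 'Key value' or 'Key=value', default 'no'."""
    in_match = False
    for raw in sshd_config.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, value = (re.split(r"[\s=]+", line, maxsplit=1) + [""])[:2]
        if key.lower() == "match":
            in_match = True            # everything after the first Match is conditional
        elif not in_match and key.lower() == "gatewayports":
            return value.strip().lower()
    return "no"

def remote_listener_exposure(spec: str, gateway_ports: str) -> str:
    """Where sshd binds the listener for an -R spec under the given GatewayPorts policy."""
    bind = parse_forward(spec)["bind"]
    if gateway_ports == "yes":
        return "all interfaces"        # the client's bind address is ignored
    if gateway_ports == "clientspecified":
        if bind in ("", "*", "0.0.0.0", "[::]"):
            return "all interfaces"
        if bind in (None, "localhost", "127.0.0.1", "[::1]"):
            return "loopback only"     # no bind address given: loopback is the default
        return f"only {bind.strip('[]')}"
    return "loopback only"             # 'no', the OpenSSH default
```

With the page's example, `remote_listener_exposure("52.194.1.73:8080:localhost:80", "clientspecified")` reports that only 52.194.1.73 can reach port 8080, while the same spec under `GatewayPorts yes` is reachable from every interface.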