SSH client through a specific interface

How can I make the client ssh connection communicate through a specific interface?

I have a server with eth0 and eth1, and I want to force all ssh clients to go through eth0. Therefore, I could access my server through eth1 faster when there are many ssh clients on my server.

Edit: This is the server that initiates ssh client connections.

+4
source
3 answers

Update: the OP's edit asks for a server-side solution; this is the client side. For temporary use, you can use the bind option to make SSH connect from a specific IP address or Ethernet port:

    ssh target_IP -b source_IP

For a more permanent solution, change the routing table.

I am attempting to ssh to 172.xx69 from 172.xx7 (eth0), which has a different Ethernet port 172.xx8 (eth1), which is the default gateway.

It doesn't work if I try to run ssh directly, since the source IP address is set to xxx8 (eth1) by default, and this is prohibited in the rules of the external firewall for .69:

    # ssh 172.29.179.69 -l root
    ssh: connect to host 172.xx69 port 22: Connection timed out
    #

It succeeds when I bind SSH to the xxx7 IP (eth0) using the -b switch; this IP is allowed to connect to .69 in the firewall rules.

    # ssh 172.xx69 -b 172.xx7 -l root
    Last login: Wed Nov 19 14:27:44 2014 from 172.xx7
    #

On 172.xx7, I have two Ethernet ports, x.7 and x.8:

    # ifconfig
    eth0      Link encap:Ethernet  HWaddr xxxxx
              inet addr:172.xx7  Bcast:172.xx31  Mask:255.255.255.224
              inet6 addr: xxx Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:27678 errors:0 dropped:0 overruns:0 frame:0
              TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1852058 (1.7 MiB)  TX bytes:684 (684.0 b)

    eth1      Link encap:Ethernet  HWaddr xxx
              inet addr:172.xx8  Bcast:172.xx31  Mask:255.255.255.224
              inet6 addr: xxx Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:72022 errors:0 dropped:0 overruns:0 frame:0
              TX packets:34734 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:40788643 (38.8 MiB)  TX bytes:4441314 (4.2 MiB)

The reason I need this hack is that the default route in the routing table is eth1 instead of eth0:

    # route (@172.xx7)
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.xx0         *               255.255.255.224 U     0      0        0 eth1
    172.xx0         *               255.255.255.224 U     0      0        0 eth0
    192.168.1.0     *               255.255.255.0   U     0      0        0 eth2
    link-local      *               255.255.0.0     U     1002   0        0 eth0
    link-local      *               255.255.0.0     U     1003   0        0 eth1
    link-local      *               255.255.0.0     U     1004   0        0 eth2
    default         172.xx1         0.0.0.0         UG    0      0        0 eth1
    # eth0 OK #
+3
source
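
Added example, not part of the answer above or of OpenSSH: a loopback sketch of what a bind-address option such as `ssh -b` does at the socket level, which is to bind() a local address before connect() so the remote side sees that source IP. The 127.0.0.x addresses are constructed stand-ins for the answer's hosts, the function names are hypothetical, and it assumes Linux, where every address in 127.0.0.0/8 is local.

```python
import socket
import threading

# Constructed loopback stand-ins for the hosts in the answer (assumption: Linux).
ALLOWED_SRC = "127.0.0.7"   # plays 172.xx7 (eth0), permitted by the remote firewall
BLOCKED_SRC = "127.0.0.8"   # plays 172.xx8 (eth1), the default source, not permitted
REMOTE = "127.0.0.69"       # plays the remote host .69


def start_remote(listen_ip, allowed_sources):
    """Listen on listen_ip and answer OK only to peers with an allowed source IP.

    A real firewall drops the packets (the answer's "Connection timed out");
    this stand-in replies DENIED so the demo finishes quickly.
    """
    srv = socket.create_server((listen_ip, 0))  # port 0: kernel picks a free port

    def serve():
        while True:
            try:
                conn, (peer_ip, _peer_port) = srv.accept()
            except OSError:
                return  # listener was closed
            with conn:
                verdict = "OK" if peer_ip in allowed_sources else "DENIED"
                conn.sendall(f"{verdict} {peer_ip}".encode())

    threading.Thread(target=serve, daemon=True).start()
    return srv


def connect_from(source_ip, dest_ip, dest_port):
    """Bind the local (source) address first, then connect, as a -b option does."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((source_ip, 0))   # fix the source IP, let the kernel pick the port
        s.settimeout(5)
        s.connect((dest_ip, dest_port))
        return s.recv(64).decode()


def demo():
    """Return the remote's verdict for the allowed and the blocked source address."""
    srv = start_remote(REMOTE, {ALLOWED_SRC})
    port = srv.getsockname()[1]
    try:
        return (connect_from(ALLOWED_SRC, REMOTE, port),
                connect_from(BLOCKED_SRC, REMOTE, port))
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```
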

Tell other users the eth0 IP address.

0
source

You need to add some rules to "iptables" in order to forward your ssh traffic initiated from the window to the remote machine.

 iptables -A FORWARD -i eth1 -o eth2 -p tcp --dport 22 -d [destination ip] -j ACCEPT 
0
source

Source: https://habr.com/ru/post/1432219/