
Configure Multi-hop Secure Shell Sessions

Use multi-hop connections when you need to establish secure connections through a series of Secure Shell servers. This is useful if your network configuration doesn't allow direct access to a remote server, but does allow access via intermediate servers. The diagram represents such a series. The Windows workstation needs secure access to ServerC, but cannot connect directly to either ServerB or ServerC. ServerA can connect to ServerB which, in turn, can connect to ServerC.

Windows workstation → ServerA → ServerB → ServerC

When you configure a multi-hop list, Reflection for Secure IT creates a secure end-to-end connection by establishing a series of secure tunnels. Each tunnel is established within an existing tunnel, and goes one step further along the chain.

The last server in the chain is the host you specified when you set up your initial Secure Shell connection. Add the other servers in order (top to bottom starting from the client side) to your multi-hop server list. The following procedure describes how to do this.

To configure multi-hop sessions

  1. Configure a Reflection Secure Shell session to ServerC.
  2. Open the Reflection Secure Shell Settings dialog box.
  3. Click the Multi-hop tab.
  4. Click Add, and then configure forwarding information to ServerA as follows:
    1. Specify a value for Forward local port. This can be any unused port (port 2022 is used in this example).
    2. Under Destination Host, specify the host Name (ServerA, in this example).

      Note: If this server requires a user name that is different from the one you specified in step 1 (for ServerC, in this example), include the user name as shown here: JoeA@ServerA.

    3. Click Configure if you want this tunnel to use non-default Secure Shell settings.
    4. Click OK.
  5. Click Add again to configure forwarding information to ServerB:
    1. Specify a value for Forward local port. This can be any unused port (port 3022 is used in this example).
    2. Under Destination Host, specify the host Name (ServerB, in this example).

      Note: If this server requires a user name that is different from the one you specified in step 1 (for ServerC, in this example), include the user name as shown here: JoeB@ServerB.

    3. Click Configure if you want this tunnel to use non-default Secure Shell settings.
    4. Click OK.
  6. Close the Secure Shell Settings dialog box and connect your Reflection session.

Note: If you are using this connection to tunnel data for another application (such as a browser or mail client), use the Tunneling tab to configure that port forwarding. For example, if your mail server runs on ServerC, after configuring this multi-hop connection you can create a new local port forward as follows: for Local port to forward, specify any unused port (for example, 1110); for the remote host Name, enter localhost ("localhost" in this context identifies the last server in the series, which is ServerC in the example above); and set the Port value equal to your mail server port (usually 110). When the Reflection multi-hop tunnel is established, you can access the mail server securely by configuring your local mail client to connect to localhost:1110.
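The chain built by the procedure and the mail forward from the note, shown as an added example that is not part of the original page or of Reflection: a Python sketch that checks the chosen local ports and prints the equivalent OpenSSH command-line tunnels. It assumes each entry's Forward local port carries the connection to the next server on port 22; the function names, the loopback bind and the `HostKeyAlias` option are choices made for this illustration.

```python
import socket

SSH_PORT = 22  # assumption: every server listens on the default Secure Shell port

def port_is_free(port, host="127.0.0.1"):
    """True if nothing is bound to host:port, so it can be a forward local port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:
            return False

def plan_chain(hops, final_target, app_forwards=()):
    """hops: [(forward_local_port, "[user@]host"), ...] in multi-hop list order.
    app_forwards: [(local_port, remote_host, remote_port), ...] for the last server.
    Returns one OpenSSH command per tunnel, outermost first."""
    ports = [p for p, _ in hops] + [p for p, _, _ in app_forwards]
    if len(set(ports)) != len(ports):
        raise ValueError("every forward needs its own local port")
    targets = [t for _, t in hops] + [final_target]
    commands, via = [], None  # via: local port that reaches the current target
    for i, target in enumerate(targets):
        user, _, host = target.rpartition("@")
        cmd, dest = ["ssh"], host
        if via is not None:
            # Inside a tunnel we dial localhost; HostKeyAlias keeps host key
            # verification tied to the real server name, not "localhost".
            cmd += ["-p", str(via), "-o", f"HostKeyAlias={host}"]
            dest = "localhost"
        if i < len(hops):
            via = hops[i][0]
            nxt = targets[i + 1].rpartition("@")[2]
            # Tunnel only (-N); bind to loopback so other machines cannot use it.
            cmd += ["-N", "-L", f"127.0.0.1:{via}:{nxt}:{SSH_PORT}"]
        else:
            # "localhost" here is resolved on the last server, as in the note.
            for lport, rhost, rport in app_forwards:
                cmd += ["-L", f"127.0.0.1:{lport}:{rhost}:{rport}"]
        cmd.append(f"{user}@{dest}" if user else dest)
        commands.append(" ".join(cmd))
    return commands

if __name__ == "__main__":
    hops = [(2022, "JoeA@ServerA"), (3022, "JoeB@ServerB")]  # from the procedure
    mail = [(1110, "localhost", 110)]                         # from the note
    for port in (2022, 3022, 1110):
        print(port, "free" if port_is_free(port) else "IN USE")
    print("\n".join(plan_chain(hops, "ServerC", mail)))
```

Each printed command is run on the workstation in order, with the earlier ones left running so that the later ones can connect through them.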