Show Contents / Index / Search

Configure Multi-hop Secure Shell Sessions

Use multi-hop connections when you need to establish secure connections through a series of Secure Shell servers. This is useful if your network configuration doesn't allow direct access to a remote server, but does allow access via intermediate servers. The diagram represents such a series. The Windows workstation needs secure access to ServerC, but cannot connect directly to either ServerB or ServerC. ServerA can connect to ServerB which, in turn, can connect to ServerC.

Windows workstation right arrow ServerA right arrow ServerB right arrow ServerC

When you configure a multi-hop list, Reflection for Secure IT creates a secure end-to-end connection by establishing a series of secure tunnels. Each tunnel is established within an existing tunnel, and goes one step further along the chain.

The last server in the chain is the host you specified when you set up your initial Secure Shell connection. Add the other servers in order (top to bottom starting from the client side) to your multi-hop server list. The following procedure describes how to do this.

To configure multi-hop sessions

  1. Configure a Reflection Secure Shell session to your final destination host (ServerC in this example).
  2. Open the Reflection Secure Shell Settings dialog box.
  3. Click the Multi-hop tab.
  4. Click Add, and then configure the connection to the first multi-hop server in your configuration (ServerA in this example).
    1. For Host name specify the destination host for this hop (ServerA in this example).
    2. (Optional) Specify a value for User name if this host requires a user name that's not the same as the user you specified for your original host connection. (In this example, you would need to specify a user name if ServerA and ServerC require different user names.)
    3. (Optional) Modify the Port value if your host doesn't use port 22 for Secure Shell connections.
    4. (Optional) Click Configure, or specify an SSH configuration scheme to use non-default Secure Shell settings for this connection.
    5. Click OK.
  5. Click Add again to configure connections to any additional multi-hop servers (ServerB in this example).

Note: If you are using this connection to tunnel data for another application (such as a browser or mail client), use the Tunneling tab to configure that port forwarding. For example, if your mail server runs on ServerC, after configuring this multihop, you can create a new local port forward as follows: for Local port to forward, specify any unused port (for example 1110), for the remote host Name, enter localhost ("localhost" in this context identifies the last server in the series-ServerC in the example above), and set the Port value equal to your mail server port (usually 110). When the Reflection multihop tunnel is established, you will be able to access the mail server securely by configuring your local mail client to connect to localhost:1110.