Goal: allow ServerA, on one network, to open an SSH connection directly to ServerB on a separate network.
Both networks are isolated behind separate ‘jump’ servers (edge hosts with nothing but SSH exposed). There is no NAT port forwarding on the edge and no routing between the two networks; the only way in or out of either is an SSH session through its jump server. The workstation you are sitting at can reach both jump servers, and that is the only link between the two networks.
For those familiar with some of the more advanced (read: gross) features of SSH, tunnelling is not a difficult concept. Nevertheless, I think this is worth sharing:
Step one – tunnel to ServerA through JumpA:
ssh -L [localhost:]2202:ServerA:22 JumpA
Step two – connect to ServerA through the first tunnel and create a reverse tunnel: ServerA listens on an unused port (I used 20052 in this example) and hands any connection to it back to the same port on the connecting workstation:
ssh -R 20052:localhost:20052 -p 2202 localhost
Step three – forward that same workstation port to ServerB port 22 through JumpB (the workstation port must be listening before ServerA tries to use the chain, so run this before anything on ServerA connects):
ssh -L 20052:ServerB:22 JumpB
There you have it. ServerA is now capable of SSHing into ServerB like this:
ssh -p 20052 localhost
The trick here is that the workstation receives connections from one inbound (reverse) tunnel on port 20052 and forwards that same port out through another tunnel: a connection from ServerA to its own localhost:20052 travels back over the step-two session to the workstation, which passes it through JumpB to ServerB:22. Three things to keep in mind: the chain only lives as long as all three client sessions do; ssh on ServerA will record ServerB’s host key under ‘[localhost]:20052’ (and the workstation records ServerA’s under ‘[localhost]:2202’), so a later use of those ports for a different host will trip host-key checking; and because the reverse listener on ServerA binds to loopback by default (sshd’s GatewayPorts is off), only processes on ServerA itself, not its neighbours, get this path. It deliberately punches through the isolation the jump servers were put there to enforce, so expect it to be unwelcome (and possibly blocked by AllowTcpForwarding) in a sane environment. Food for thought.
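The three commands as one script, as an added example that is not part of the original post. It starts each hop as a backgrounded control-master session so the whole chain can be torn down in one go, binds every forward to loopback only, makes ssh abort instead of silently connecting when a forward cannot be set up (ExitOnForwardFailure), and uses HostKeyAlias so the hops reached via ‘localhost’ are verified under their real host names rather than as ‘[localhost]:port’ entries. JumpA, ServerA, JumpB, ServerB and the port numbers are placeholders taken from the post; the socket directory and function names are my own.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: the three tunnels as one
# script. Each hop is a backgrounded ssh control-master session so the
# chain can be torn down cleanly, forwards bind to loopback only, and
# ssh aborts instead of silently connecting if a forward cannot be bound.
# JumpA/ServerA/JumpB/ServerB and the port numbers are placeholders.
set -eu

JUMP_A=${JUMP_A:-JumpA};   SERVER_A=${SERVER_A:-ServerA}
JUMP_B=${JUMP_B:-JumpB};   SERVER_B=${SERVER_B:-ServerB}
PORT_A=${PORT_A:-2202}     # workstation port that reaches ServerA:22 via JumpA
PORT_B=${PORT_B:-20052}    # workstation port that reaches ServerB:22 via JumpB;
                           # the reverse tunnel reuses this number on ServerA
SOCK_DIR=${SOCK_DIR:-${TMPDIR:-/tmp}/sshchain.$$}   # control sockets (assumed path)
SSH=${SSH:-ssh}            # SSH=echo gives a dry run that prints each command

# Options shared by every hop: control socket for tear-down, fail if the
# forward cannot be bound, no remote command, background once connected.
hop() {
  sock=$1; shift
  "$SSH" -M -S "$SOCK_DIR/$sock" -o ExitOnForwardFailure=yes \
         -o ServerAliveInterval=30 -N -f "$@"
}

# Step one: workstation:PORT_A -> ServerA:22 through JumpA.
hop_jump_a() { hop jumpa -L "127.0.0.1:$PORT_A:$SERVER_A:22" "$JUMP_A"; }

# Step three: workstation:PORT_B -> ServerB:22 through JumpB. Started before
# the reverse tunnel so its target is already listening on the workstation.
hop_jump_b() { hop jumpb -L "127.0.0.1:$PORT_B:$SERVER_B:22" "$JUMP_B"; }

# Step two: into ServerA over the first tunnel, creating ServerA:PORT_B ->
# workstation:PORT_B. HostKeyAlias makes ssh check ServerA's key under its
# real name instead of recording a "[localhost]:2202" known_hosts entry.
hop_server_a() {
  hop servera -p "$PORT_A" -o "HostKeyAlias=$SERVER_A" \
      -R "127.0.0.1:$PORT_B:127.0.0.1:$PORT_B" localhost
}

# Tear down all three sessions through their control sockets, newest first.
teardown() {
  for s in servera jumpb jumpa; do
    [ -S "$SOCK_DIR/$s" ] && "$SSH" -S "$SOCK_DIR/$s" -O exit localhost 2>/dev/null || true
  done
  rm -rf "$SOCK_DIR"
}

# Bring the chain up; on any failure tear down what was started and return 1.
chain_up() {
  mkdir -p "$SOCK_DIR" && chmod 700 "$SOCK_DIR"
  if hop_jump_a && hop_jump_b && hop_server_a; then
    printf 'On %s run: ssh -o HostKeyAlias=%s -p %s localhost\n' \
           "$SERVER_A" "$SERVER_B" "$PORT_B"
  else
    teardown; return 1
  fi
}

if [ "${1:-}" = up ]; then chain_up; elif [ "${1:-}" = down ]; then teardown; fi
```

Run it as `./sshchain.sh up` from the workstation, then on ServerA use the printed command; `./sshchain.sh down` closes all three sessions via their control sockets. Setting `SSH=echo` before calling the functions prints the exact ssh invocations without connecting anywhere, which is a cheap way to review what will be bound where before running it for real.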