SSH Tunnel: Secure Access Through Multiple Hops

Creating a chained SSH tunnel through multiple hops to securely access an internal web server from an external network.

Topology

Kali (172.26.0.x) → VPS1 (192.168.50.10) → VPS2 (192.168.100.10) → Apache Server

1. Install SSH and Apache

# Kali:
apt-get install openssh-server
# VPS1 and VPS2:
sudo apt-get install openssh-server openssh-client
# Server:
sudo apt install apache2

2. Build the Chained Tunnel (3 terminals)

Terminal 1 — Kali → VPS1

ssh -L 5678:127.0.0.1:4321 user@192.168.50.10

Terminal 2 — VPS1 → VPS2

ssh -L 4321:127.0.0.1:1234 user@192.168.100.10

Terminal 3 — VPS2 → Server

ssh -D 1234 user@192.168.10.10   # Dynamic SOCKS proxy

3. Configure FoxyProxy on Kali

• Type: SOCKS5 | IP: 127.0.0.1 | Port: 5678

4. Access the Internal Server

# In the Kali browser with FoxyProxy ON:
http://127.0.0.1
# Displays the Apache page of the internal server