ssh tunneling to ssh tunneling

Question

In my case, four servers are involved, they are:

D: the target HTTPS server, which can only be directly accessed by C, but not A or B;
C: a Ubuntu box, which can only be directly accessed by B, but not A;
B: a CentOS box, which can be directly accessed by A
A: the working environment, Ubuntu

My goal is to have my Python code running on A to download HTTPS-data from D. I have root or sudo privilege on A/B/C. So I am going to setup SSH tunnelling between A<->B and B<->C and take advantage of direct accessibility between C<->D so that A can download data from D.

Firstly, as a trial to check connectivity of B<->C<->D, I can have the code running on B to download data from D by following steps:

1. on B, issued ssh -N -D 9988 C_user@C_host_ip -p C_sshd_port and input the password of B_user
2. on B, run the python code:

import requests
headers={'User-agent': 'Mozilla'}
proxies={'https': 'socks5h://127.0.0.1:9988'}
r = requests.get(D_url, headers=headers, proxies=proxies)

The code runs okay.

Secondly, to make the whole chain A<->B<->C<->D, I tried to make a ssh tunnel on A through B to C, but failed:

1. on A, issue ssh -N -L 9988:C_host_ip:C_sshd_port B_user@B_host_ip and input the password of B_user
2. on A, run the same python code, but got errors like socks.GeneralProxyError: SOCKS5 proxy server sent invalid data

My understanding of SSH tunnelling might be wrong. What should I do to accomplish the goal? Thanks.

Answer 1

Found this on web and tested it successfully.

To make it short, I should have used this command on B in Secondly:

ssh -N -L 9988:localhost:9988 B_user@B_host_ip

where the first 9988 is the listening port on localhost (as in socks5h host setting in python code) and the second 9988 is the port I have used on B host (as in the command issued on B host).

Credit is to the original poster of the link above.