E pur si muove

ssh magic

Thursday, February 19, 2009

Dear Lazy Web

If I write the following in my ~/.ssh/config:

Host bartunnel
  HostKeyAlias bar
  HostName bar
  LocalForward 8822 foo:22

Host barjump
  HostKeyAlias bar
  HostName localhost
  Port 8822

Then I can connect to host bar via host foo (circumnavigating a firewall that stops me from going to bardirectly) just like am connecting to it directly. E.g. in two separate shells (in this order):

$ ssh bartunnel # this sets up the tunnel
# different shell (or use -n on the last one)
$ ssh barjump # now I'm connected normally

Now is there something I could write in my ssh configuration file that I could just do this in one step? I want to simply do:

$ ssh barjump

and the tunnel should be set up for me in the background. Likewise if I close the connection the tunnel should go. Is this possible?

Thursday, February 19, 2009 |


René Dudfield said...


I saw this just the other day...


My favorite nc trick of late is using it in combination with ssh_config(5)'s "ProxyCommand" directive. "ProxyCommand" tells ssh to use the specified command's stdin and stdout to communicate with the destination host, rather than establishing a TCP connection itself. For example, if I can connect to the host "bastion", and if "bastion" can connect to the host "destination", but I cannot connect directly to "destination", I can stick the following in my ~/.ssh/ssh_config file:

host destination
ProxyCommand ssh bastion nc -w 1 destination 22


Anonymous said...

I suspect ProxyCommand (man ssh_config) is what you're looking for. Try something like:

Host direct_to_endpoint
User enduser
HostName endpoint
ProxyCommand ssh proxyuser@proxyhost netcat %h %p

Anonymous said...

Yes, you just created a custom setup for what ProcyCommand is designed to provide natively in openssh.

New comments are not allowed.

Subscribe to: Post Comments (Atom)