ssh magic
Thursday, February 19, 2009
Dear Lazy Web
If I write the following in my ~/.ssh/config:

    Host bartunnel
        HostKeyAlias bar
        HostName bar
        LocalForward 8822 foo:22

    Host barjump
        HostKeyAlias bar
        HostName localhost
        Port 8822
Then I can connect to host bar via host foo (circumnavigating a firewall that stops me from going to bar directly) just like I am connecting to it directly. E.g. in two separate shells (in this order):
$ ssh bartunnel # this sets up the tunnel
# different shell (or use -n on the last one)
$ ssh barjump # now I'm connected normally
Now is there something I could write in my ssh configuration file that I could just do this in one step? I want to simply do:
$ ssh barjump
and the tunnel should be set up for me in the background. Likewise if I close the connection the tunnel should go. Is this possible?
4 comments:
René Dudfield said...
Hi...
I saw this just the other day...
"""
My favorite nc trick of late is using it in combination with ssh_config(5)'s "ProxyCommand" directive. "ProxyCommand" tells ssh to use the specified command's stdin and stdout to communicate with the destination host, rather than establishing a TCP connection itself. For example, if I can connect to the host "bastion", and if "bastion" can connect to the host "destination", but I cannot connect directly to "destination", I can stick the following in my ~/.ssh/ssh_config file:
    host destination
        ProxyCommand ssh bastion nc -w 1 destination 22
"""
Anonymous said...
I suspect ProxyCommand (man ssh_config) is what you're looking for. Try something like:
    Host direct_to_endpoint
        User enduser
        HostName endpoint
        ProxyCommand ssh proxyuser@proxyhost netcat %h %p
Anonymous said...
Yes, you just created a custom setup for what ProxyCommand is designed to provide natively in OpenSSH.
Unknown said...
ProxyCommand ssh proxyuser@proxyhost nc %h %p it is indeed.
Thanks for all the hints!
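The one-step setup the comments point to, written out for the post's hosts as an added example (not from the post or its commenters). It assumes foo is the directly reachable jump host and bar the target behind it, as the post's prose describes; the aliases bar-nc and bar-w are hypothetical. It goes beyond the comments by also showing `ssh -W` (OpenSSH 5.4 and later) and `ProxyJump` (OpenSSH 7.3 and later).

```sshconfig
# ~/.ssh/config -- added example, not from the original post.
# Assumption: foo is reachable directly, bar only from foo.
#
# In every variant the proxy is a child of the ssh session and exits with
# it, so nothing is left listening locally (no port 8822) once you log out.
# The SSH session to bar is end to end: foo relays ciphertext only, and
# bar's host key is checked under its real name, so the HostKeyAlias that
# the localhost:8822 setup needed is no longer required.

# Variant 1: the form given in the comments. Requires nc on foo.
Host bar-nc
    HostName bar
    ProxyCommand ssh foo nc %h %p

# Variant 2: ssh's built-in stdio forwarding replaces nc, so foo only has
# to allow TCP forwarding. %h and %p expand to the target host and port.
Host bar-w
    HostName bar
    ProxyCommand ssh -W %h:%p foo

# Variant 3: ProxyJump, the shorthand for variant 2 in newer clients.
Host bar
    ProxyJump foo
```

With any one of these in place, `ssh bar` (or the corresponding alias) connects in a single step and the relay through foo goes away when the session closes.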