Using ssh ProxyCommand to tunnel through two hosts
2008-06-07 14:58 | Posted by nico | Netzwelt, Unix, FOSS
Imagine the following situation:
[You (dynamic IP, somewhere travelling)] -> [your server] -> [gatewayserver] -> [trusted servers]
The only way to reach the trusted servers is through the gateway server, which in turn is only reachable from "your server".
ssh can handle this chain for you via the ProxyCommand option.
My aim was to be able to do
ssh trustedserver1
on my notebook, so I do not have to log in on the first server and then on the second server. The advantage of the approach I describe here is that if you have access to "yourserver", "gatewayserver" and "trustedserver1" via public key, you will not be prompted for a password.
Step one: Connect to the gateway server "directly" from the notebook
The following lines added to .ssh/config let me log in directly to the gatewayserver from my notebook:
host gatewayserver
    user userongatewayserver
    Hostname gatewayserver.fqdn
    # ssh first connects to yourserver and runs nc there; nc relays the
    # connection to this entry's Hostname (%h) and port (%p)
    ProxyCommand ssh yourserver nc %h %p 2> /dev/null
As you can see, I also had to specify a different username, as the one on "yourserver" is different from the one on "gatewayserver". Now I can do
ssh gatewayserver
and I can log in directly to it.
Step two: Log in to trustedserver1
Logically, we only need to do the same thing again to end up at trustedserver1. Surprisingly, it really is that easy! Just add the following lines to your .ssh/config:
host trustedserver1
    Hostname trustedserver1.fqdn
    ProxyCommand ssh gatewayserver nc %h %p 2> /dev/null
And now my aim is reached,
ssh trustedserver1
works! You can easily expand that chain with more hops.
Nice, isn't it?
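
The same chain can be written without netcat on the intermediate hosts. This is an added example, not part of the original post; it reuses the post's host aliases and assumes OpenSSH 7.3 or later on the notebook and that sshd on "yourserver" and "gatewayserver" permits TCP forwarding.

```sshconfig
# Added example (not from the original post): the two-hop chain using
# ssh's built-in forwarding instead of running nc on each hop.
# Assumption: the sshd on each intermediate host allows TCP forwarding
# (AllowTcpForwarding yes or local), since no remote command is run there.

Host gatewayserver
    User userongatewayserver
    HostName gatewayserver.fqdn
    # Replaces: ProxyCommand ssh yourserver nc %h %p 2> /dev/null
    ProxyJump yourserver

Host trustedserver1
    HostName trustedserver1.fqdn
    # ssh resolves "gatewayserver" through the entry above, so the
    # connection still goes notebook -> yourserver -> gatewayserver.
    ProxyJump gatewayserver

# Clients older than 7.3 but at least 5.4 have no ProxyJump; there the
# -W option gives the same result:
#   ProxyCommand ssh -W %h:%p yourserver
#   ProxyCommand ssh -W %h:%p gatewayserver
```

In both variants the SSH session to trustedserver1 is negotiated end to end from the notebook, so the private key never has to be copied to or forwarded through the intermediate hosts.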