Transparent SSH tunnel using the ProxyCommand configuration

I’m currently working on a client that restricts the IPs allowed to SSH into their servers, of course, for security reasons. That is a PITA when you’re sick, working from home, and need to do something on those servers. Today this happened to me and, while looking for better alternatives than manually jumping to one of the boxes with access, I learned about the SSH ProxyCommand configuration option.

This is how my ~/.ssh/config Host configuration looked before:

Host client-qa01
  HostName 10.0.0.33
  IdentityFile ~/.ssh/keys/client/id_rsa_qa
  User client-qa

This is how it looks after ProxyCommand:

Host client-qa01
  ProxyCommand ssh -W %h:%p jumpbox-host
  HostName 10.0.0.33
  IdentityFile ~/.ssh/keys/client/id_rsa_qa
  User client-qa

where jumpbox-host is the machine with access to the client’s server.

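The -W option of ssh has been available since OpenSSH 5.4 and works similarly to netcat: ssh connects to jumpbox-host and forwards its standard input and output to the target host and port (%h:%p), so my local machine reaches the client’s server through an SSH tunnel via jumpbox-host.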

With this configuration, instead of manually ssh’ing to jumpbox-host and then ssh’ing to the target client server, I can simply “ssh client-qa01” and SSH will transparently connect to the client’s server through jumpbox-host.
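A fuller ~/.ssh/config for the setup described above, as an added example that is not part of the original post. It adds an explicit entry for jumpbox-host and shows where the target's key is used; the jump host's HostName, User and IdentityFile are hypothetical placeholders.

```sshconfig
# Added example. The jumpbox-host values below are placeholders,
# not values from the original post.

# The jump host itself: reachable directly and on the client's allow-list.
Host jumpbox-host
  HostName jumpbox.example.com
  User jumpuser
  IdentityFile ~/.ssh/keys/jumpbox/id_ed25519
  IdentitiesOnly yes
  # ssh -W only relays bytes, so no agent is needed on the jump host.
  ForwardAgent no

# Target behind the allow-list, reached through the jump host.
Host client-qa01
  HostName 10.0.0.33
  User client-qa
  IdentityFile ~/.ssh/keys/client/id_rsa_qa
  IdentitiesOnly yes
  # %h and %p expand to this entry's HostName and port (10.0.0.33, port 22).
  # The key above is read on the local machine and is never copied to
  # jumpbox-host; the jump host only relays the encrypted session, and the
  # target's host key is still verified locally.
  ProxyCommand ssh -W %h:%p jumpbox-host
  # Equivalent shorthand on OpenSSH 7.3 and later (use one or the other):
  # ProxyJump jumpbox-host
  ForwardAgent no
```

Running ssh -G client-qa01 (OpenSSH 6.8 and later) prints the options ssh resolves for that host without connecting, which is a quick way to confirm the proxy setting is picked up.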

Useful, huh? :)