Transparent SSH tunnel using the ProxyCommand configuration
17 Jul 2012
I’m currently working with a client that restricts the IPs allowed to SSH into their servers, for security reasons, of course. That is a PITA when you’re sick, working from home, and need to do something on those servers. This happened to me today and, while looking for a better alternative than manually jumping through one of the boxes with access, I learned about the SSH configuration option ProxyCommand.
This is how my ~/.ssh/config Host configuration looked before:
Host client-qa01
    HostName 10.0.0.33
    IdentityFile ~/.ssh/keys/client/id_rsa_qa
    User client-qa
This is how it looks after ProxyCommand:
Host client-qa01
    ProxyCommand ssh -W %h:%p jumpbox-host
    HostName 10.0.0.33
    IdentityFile ~/.ssh/keys/client/id_rsa_qa
    User client-qa
where jumpbox-host is the machine with access to the client’s server.
The ssh -W option has been available since OpenSSH 5.4 and works similarly to netcat: it establishes an SSH tunnel between my local machine and jumpbox-host, and the connection to the target (%h:%p, the target's host name and port) is forwarded through it.
With this configuration, instead of manually ssh’ing to jumpbox-host and then ssh’ing to the target client server, I can simply “ssh client-qa01” and SSH will transparently connect to the client’s server through jumpbox-host.
Useful, huh? :)
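To see what the jump host is actually asked to connect to, the following added example (not code from the original post) resolves a Host block and expands the %h and %p tokens in its ProxyCommand. It is a simplified reader that assumes whitespace-separated keywords and no "!" negation or Match blocks; the function names are hypothetical, and SAMPLE_CONFIG is the post's "after" configuration.

```python
import fnmatch
import shlex

# Constructed sample: the "after" configuration from the post.
SAMPLE_CONFIG = """\
Host client-qa01
    ProxyCommand ssh -W %h:%p jumpbox-host
    HostName 10.0.0.33
    IdentityFile ~/.ssh/keys/client/id_rsa_qa
    User client-qa
"""

def resolve(config_text, alias):
    """Collect options for alias; as in ssh_config, the first value seen wins."""
    opts, active = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            # A Host line may list several patterns (simplified: no "!" negation).
            active = any(fnmatch.fnmatchcase(alias, p) for p in value.split())
        elif active:
            opts.setdefault(key, value)
    return opts

def proxy_argv(config_text, alias):
    """Return the ProxyCommand argv with %h, %p and %% expanded, or None."""
    opts = resolve(config_text, alias)
    template = opts.get("proxycommand")
    if template is None:
        return None
    host = opts.get("hostname", alias)  # %h is the HostName, not the alias
    port = opts.get("port", "22")       # %p falls back to the default SSH port
    tokens = {"h": host, "p": port, "%": "%"}
    out, i = [], 0
    while i < len(template):
        if template[i] == "%" and i + 1 < len(template):
            # Unknown %X tokens are left untouched.
            out.append(tokens.get(template[i + 1], template[i:i + 2]))
            i += 2
        else:
            out.append(template[i])
            i += 1
    return shlex.split("".join(out))

if __name__ == "__main__":
    print(proxy_argv(SAMPLE_CONFIG, "client-qa01"))
```

The expanded target is the HostName (10.0.0.33), so that address only has to be reachable from jumpbox-host, not from the local machine.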