I have a problem with accessing some servers we have that are behind both a VPN and an SSH jump off box. I can access them but it means SSHing to the jump off box and then SSHing from there. This is a pain for copying files and running multiple windows (yes, I do know what screen is, but I like multiple windows).
I have in the past solved this by setting up SSH port forwarding to the box I want to get to. However, that gets tedious when you want to talk to lots of boxes. So I thought - why can't I use the SOCKS5 proxy feature of SSH? In theory, using the SOCKS5 proxy feature I can open one SSH session to the jump off box with a dynamic proxy and then configure all my other connections to go via the proxy. This will save me having to do individual port forwarding.
The easiest way to configure this is via an ssh config file (type man ssh_config for details). You need to add two sections:
    Host YOUR_JUMPOFF_SERVER
        DynamicForward localhost:3128

    Host *.YOUR_INTERNAL_SERVERS
        ProxyCommand /usr/bin/nc -x localhost:3128 %h %p
Once this is done, simply ssh to your jumpoff server and then you can 'directly' ssh to the servers behind it.
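What nc -x puts on the wire towards the DynamicForward listener, as an added example that is not part of the original post: OpenBSD nc speaks SOCKS5 by default, and the sketch below builds the RFC 1928 greeting and CONNECT request and decodes the proxy's reply. The function names, the hostname db1.internal.example and the sample replies are assumptions constructed for illustration.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
REPLY_TEXT = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
              3: "network unreachable", 4: "host unreachable",
              5: "connection refused"}

def greeting():
    """Client hello: version 5, one method offered, 0x00 = no authentication."""
    return bytes([SOCKS_VERSION, 1, 0x00])

def connect_request(host, port):
    """CONNECT request (RFC 1928 section 4) for an IP literal or a hostname."""
    head = bytes([SOCKS_VERSION, 0x01, 0x00])  # VER, CMD=CONNECT, RSV
    try:
        ip = ipaddress.ip_address(host)
        addr = bytes([0x01 if ip.version == 4 else 0x04]) + ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        # ATYP 0x03: the name travels as-is, so the far side resolves it.
        addr = bytes([0x03, len(name)]) + name
    return head + addr + struct.pack("!H", port)

def parse_reply(data):
    """Return (ok, text) for a proxy reply; reject short or non-v5 data."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    code = data[1]
    return code == 0, REPLY_TEXT.get(code, "error code %d" % code)

if __name__ == "__main__":
    # Constructed sample: hostname and replies are made up for illustration.
    print(greeting().hex())
    print(connect_request("db1.internal.example", 22).hex())
    print(parse_reply(bytes.fromhex("05000001000000000000")))
    print(parse_reply(bytes.fromhex("05050001000000000000")))
```

The greeting offers only the "no authentication" method, so anything that can reach the listening port can use the tunnel; binding DynamicForward to localhost, as the config above does, keeps it off the network.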
5 comments:
ssh -o "ProxyCommand /usr/bin/nc -x localhost:3128 %h %p" remote.host.com
I now have a shiny new bash alias:
alias pssh='ssh -o "ProxyCommand /usr/bin/nc -x localhost:3128 %h %p"'
This lets me pick and choose easily between normal ssh and proxied ssh without having to remember the netcat command.
pssh user@boxname
Thanks!
I changed the line in the ssh_config to:
ProxyCommand /bin/nc.openbsd -x localhost:3128 %h %p