Tuesday, September 25, 2007

Quick SSH Tip: ProxyCommand

Here's a quick tip for OpenSSH:

Suppose there is an SSH server inside a remote network, named "internal.hostname.tld", that does not have its SSH port exposed to the Internet. If there is an SSH gateway host that you can SSH to, and that host can reach "internal"'s SSH port, you can use the netcat (nc(1)) command to proxy your SSH session to "internal" through "gateway".

Put something like the following in your ~/.ssh/config (or /etc/ssh/ssh_config):

Host internal.hostname.tld internal
  User          merdely
  HostName      internal.hostname.tld
  ProxyCommand  ssh merdely@gateway.hostname.tld nc %h %p 2> /dev/null

Then connect to "internal" as if you could reach it directly: ssh internal.hostname.tld
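
The same hop can be written without netcat on newer OpenSSH clients. This fragment is an added example, not part of the original post; the aliases internal-w and internal-jump are hypothetical, and it assumes OpenSSH 5.4 or later for -W and 7.3 or later for ProxyJump.

```sshconfig
# Added example: two alternatives to the nc-based ProxyCommand.
# The aliases "internal-w" and "internal-jump" are hypothetical; pick one form.
#
# In both forms the gateway only relays the TCP stream. The SSH session to
# "internal" is still negotiated end to end by your client, so the host key
# of internal.hostname.tld is checked against your own known_hosts.

# Form 1: ssh's built-in stdio forwarding (-W host:port).
# Nothing needs to be installed on the gateway, and stderr is not discarded,
# so authentication or routing errors on the gateway hop stay visible.
Host internal-w
  User          merdely
  HostName      internal.hostname.tld
  ProxyCommand  ssh -W %h:%p merdely@gateway.hostname.tld

# Form 2: ProxyJump, which sets up the same forwarding through the gateway
# without spelling out a ProxyCommand.
Host internal-jump
  User          merdely
  HostName      internal.hostname.tld
  ProxyJump     merdely@gateway.hostname.tld
```

If a single Host block sets both ProxyCommand and ProxyJump, only the first one listed takes effect, which is why the two forms are kept under separate aliases here.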