Wednesday, February 15, 2012

Configuring SSH: Transparent Multihop Connections

OpenSSH, the client that comes with most Unix/Linux systems, can proxy through one ssh server to reach another. This is configured entirely on the client side.

  1. Set up your Secure Passwordless Login for ssh.
  2. Open your ssh config for editing, e.g. vim ~/.ssh/config
  3. Add a host entry for the servers you want to access through the ssh proxy.
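# Set before any Host line, so it applies to every host. The ProxyCommand
# hop below authenticates from the workstation and does not need it.
ForwardAgent yes
# Short names (gateway01, gateway02, ...) expand to <name>.domain
Host gateway0?
        HostName %h.domain
# Everything else under .domain goes through gateway01. The gateways are
# excluded by their full name so the proxy hop itself is not proxied.
Host *.domain !gateway0?.domain
        ProxyCommand ssh gateway01.domain exec nc %h %p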

Now you should be able to log in to internal servers transparently from your workstation. This holds true for interactive ssh, sftp, and scp.
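Host patterns are compared against the name as typed, and a negated pattern only excludes names it matches in full, so it is worth checking that the jump host named in the ProxyCommand does not itself fall into the proxied block. The checker below is an added example, not part of the original post; it handles only the Host, `*`, `?` and `!` subset used here, and the sample config and function names are constructed for illustration.

```python
import re

# Constructed sample in the shape of the config above (placeholder names).
# LOOSE is the same config with the negation written as the short name only.
SAMPLE = """\
Host gateway0?
        HostName %h.domain
Host *.domain !gateway0?.domain
        ProxyCommand ssh gateway01.domain exec nc %h %p
"""
LOOSE = SAMPLE.replace("!gateway0?.domain", "!gateway0?")

def pattern_matches(pattern, name):
    """ssh_config globbing: '*' is any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, name) is not None

def host_line_matches(patterns, name):
    """A Host line matches if a positive pattern hits and no negated one does."""
    if any(p.startswith("!") and pattern_matches(p[1:], name) for p in patterns):
        return False
    return any(not p.startswith("!") and pattern_matches(p, name) for p in patterns)

def parse(text):
    """Return [(patterns, {keyword: value})], one entry per Host block."""
    blocks = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key.lower() == "host":
            blocks.append((value.split(), {}))
        elif blocks:
            blocks[-1][1].setdefault(key.lower(), value)  # first value wins
    return blocks

def proxy_for(text, name):
    """First ProxyCommand that applies to `name` as typed, or None."""
    for patterns, opts in parse(text):
        if host_line_matches(patterns, name) and "proxycommand" in opts:
            return opts["proxycommand"]
    return None

def hop_is_proxied(text, name):
    """True if the jump host in `name`'s ProxyCommand is itself proxied (a loop)."""
    cmd = proxy_for(text, name)
    hop = cmd.split()[1] if cmd else None  # assumes the form "ssh <hop> ..."
    return hop is not None and proxy_for(text, hop) is not None
```

`hop_is_proxied(LOOSE, "web01.domain")` returns True because `gateway01.domain` is longer than anything `gateway0?` can match, while the same call on `SAMPLE` returns False.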
