Friday, March 14, 2014

How to set up transparent multi-hop SSH

Being able to connect to a remote server quickly and effortlessly is very useful when managing servers. Often the server you want to reach is behind a firewall or inside another subnet, and there's no direct access to it. Here's how to set up transparent multi-hop SSH.
First, the network topology. For this example I'm connecting through a network switch to my local server, which acts as firewall and DHCP server. Behind that machine is my destination host.

#1: Configure ~/.ssh/config

The firewall host is going to act as my gateway. Now that we know what we want to do, let's configure our ~/.ssh/config file.
This is how it works. Take a closer look at ProxyCommand inside the destination host declaration. It runs ssh with the -A switch to forward the ssh-agent. After the switch comes the name of the previously configured host, firewall, followed by the netcat command (nc) that is run on it.
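An added example, not the original post's configuration: a ~/.ssh/config matching the description above, next to a variant that reaches the same host without forwarding the agent to the firewall. The addresses, the user name and the alias destination-noagent are assumptions made for illustration; firewall and destination are the host names used in the text.

```sshconfig
# Constructed sample values: 192.0.2.1, 10.0.0.20 and user "admin" are placeholders.

# Gateway: the only machine reachable directly.
Host firewall
    HostName 192.0.2.1
    User admin

# Form described in the text: ssh -A to the gateway, then nc relays
# stdin/stdout to the target. %h and %p expand to the HostName and port
# of this entry.
# Caveat: -A exposes your ssh-agent socket on the gateway. Root there, or
# anyone who has compromised it, can use the agent to authenticate as you
# for as long as the session lasts.
Host destination
    HostName 10.0.0.20
    User admin
    ProxyCommand ssh -A firewall nc %h %p

# Same hop without agent forwarding and without nc on the gateway.
# Authentication to the target is done by the local client through the
# tunnel, so the agent never has to leave your machine.
# Needs OpenSSH 5.4 or later on the client, and the gateway's sshd must
# permit TCP forwarding (AllowTcpForwarding).
Host destination-noagent
    HostName 10.0.0.20
    User admin
    ProxyCommand ssh -W %h:%p firewall

# OpenSSH 7.3 or later: ProxyJump is the built-in shorthand for the -W form.
# Host destination-noagent
#     HostName 10.0.0.20
#     User admin
#     ProxyJump firewall
```

Running ssh -G destination-noagent prints the options the client resolves for that alias without opening a connection.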

#2: Test multi hop ssh connection

To connect to the destination server, simply type in your terminal
If you're like me, you probably want to get rid of that killed by signal message. It happens when the netcat command exits. To silence that message you can add 2>/dev/null at the end of the ProxyCommand.
Now when you exit you will see just the connection closed message.
That was super transparent: in an instant we logged on to our destination machine.
