How to set up transparent multi-hop SSH

Being able to connect to a remote server quickly and effortlessly is very useful when managing servers. Often the server you want to reach sits behind a firewall or in another subnet, with no direct route to it from your workstation. Here is how to set up a transparent multi-hop SSH connection, so that a single command lands you on the far host.
First, the network topology. In this example I connect through a network switch to my local server 192.168.0.2, which acts as firewall and DHCP server. Behind that machine is my destination host 10.10.0.2.

#1: Configure ~/.ssh/config

The firewall host 192.168.0.2 is going to act as my gateway (jump host). Now that we know what we want to do, let's configure the ~/.ssh/config file:
Host firewall
    HostName 192.168.0.2
    Port 22
    User root
Host destination
    HostName 10.10.0.2
    Port 22
    User root
    ProxyCommand ssh -A firewall nc %h %p
This is how it works. Look at the ProxyCommand line in the destination block. Instead of opening a TCP connection to 10.10.0.2 itself, ssh runs that command and speaks the SSH protocol over the command's stdin and stdout. The command is a second ssh session to the host alias firewall defined just above it; on the firewall it runs netcat (nc), which relays the bytes to %h and %p, placeholders that ssh replaces with the destination HostName (10.10.0.2) and Port (22). The outer session is therefore encrypted and authenticated end to end between your workstation and 10.10.0.2; the firewall only forwards ciphertext. Two caveats. The -A flag forwards your ssh-agent to the firewall; that is not needed for this setup (authentication to destination runs through the tunnel against your local agent) and it lets anyone with root on the firewall use your keys for as long as you are connected, so drop it unless you really need agent forwarding on the firewall itself. Second, nc must be installed on the firewall; on OpenSSH 5.4 and later `ssh -W %h:%p firewall` relays the connection without nc, and OpenSSH 7.3 and later offer `ProxyJump firewall` as a one-line equivalent.

#2: Test the multi-hop SSH connection

To connect to the destination server, simply type in your terminal:
ssh destination

The whole session, including the exit, looks like this:
ssh destination
Last login: Sun Sep  9 08:42:34 2012 from firewall
OpenBSD 5.1 (GENERIC) #160: Sun Feb 12 09:46:33 MST 2012
# exit
Connection to 10.10.0.10 closed.
Killed by signal 1.
If you are like me, you probably want to get rid of that "Killed by signal 1." message. It appears because, when the session ends, the outer ssh sends SIGHUP (signal 1) to the ProxyCommand, and the inner ssh reports that signal on its stderr. To silence it, redirect the inner ssh's stderr by adding 2>/dev/null at the end of the ProxyCommand:
ProxyCommand ssh -A firewall nc %h %p 2>/dev/null
Now when you exit you will see only the connection closed message. Be aware that the redirect also hides genuine errors from the first hop, such as an authentication or host key failure on the firewall; remove it when debugging.
That was super transparent: in an instant we logged on to our destination machine.
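The two steps above, configuring the jump and checking the result, as an added shell example that is not code from the original post. It writes the post's config (with the -A fixed in) and a hardened equivalent that uses ProxyJump and no agent forwarding, then lints both for the points discussed above: -A on the ProxyCommand, ForwardAgent yes, nc relays, and root logins. The login name admin and the key path ~/.ssh/id_ed25519 in the hardened config are assumptions; the host aliases and addresses are the post's. The OpenSSH -G resolution at the end only runs when ssh is installed.

```sh
#!/bin/sh
# Added example (not from the original post): write a two-hop ssh_config
# without agent forwarding, and lint a config for the pitfalls discussed.

# Write the post's own config into $1 (the missing dash on -A restored).
write_page_config() {
    cat > "$1" <<'EOF'
Host firewall
    HostName 192.168.0.2
    Port 22
    User root
Host destination
    HostName 10.10.0.2
    Port 22
    User root
    ProxyCommand ssh -A firewall nc %h %p 2>/dev/null
EOF
}

# Write the hardened equivalent into $1. "admin" and the key path are
# assumed values; replace them with your own.
write_multihop_config() {
    cat > "$1" <<'EOF'
Host firewall
    HostName 192.168.0.2
    Port 22
    User admin
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent no

Host destination
    HostName 10.10.0.2
    Port 22
    User admin
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent no
    # OpenSSH 7.3+: ssh opens a forwarded TCP channel through firewall.
    # No nc on the firewall, and the agent never leaves this machine.
    ProxyJump firewall
EOF
}

# Lint the ssh_config in $1: print one line per finding, exit 1 if any.
lint_multihop_config() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }                 # comments, blank lines
    tolower($1) == "host" { host = $2; next }
    tolower($1) == "forwardagent" && tolower($2) == "yes" {
        print host ": ForwardAgent yes lets root on that host use your agent keys"; n++
    }
    tolower($1) == "user" && $2 == "root" {
        print host ": logs in as root; prefer an unprivileged user plus sudo"; n++
    }
    tolower($1) == "proxycommand" {
        if ($0 ~ /[ \t]-[A-Za-z]*A([ \t]|$)/) {
            print host ": ProxyCommand passes -A, forwarding the agent to the jump host for no reason"; n++
        }
        if ($0 ~ /[ \t](nc|netcat)[ \t]/) {
            print host ": ProxyCommand relays via nc; ssh -W %h:%p (5.4+) or ProxyJump (7.3+) needs no nc on the jump host"; n++
        }
    }
    END { exit (n > 0) }
    ' "$1"
}

# Stand-alone demo: sh multihop.sh demo
demo() {
    dir=$(mktemp -d)
    write_page_config "$dir/page_config"
    write_multihop_config "$dir/hardened_config"
    for cfg in page_config hardened_config; do
        echo "== $cfg"
        if lint_multihop_config "$dir/$cfg"; then echo "no findings"; fi
    done
    # Ask ssh itself what it resolves for destination (-G needs OpenSSH 6.8+).
    if command -v ssh >/dev/null 2>&1; then
        echo "== effective config for destination"
        ssh -G -F "$dir/hardened_config" destination | grep -iE '^(hostname|user|proxyjump|forwardagent) '
    fi
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Running it with the demo argument prints four findings for the post's config (root on both hosts, -A, nc) and none for the hardened one; with ssh installed it also shows that `ssh -G` resolves destination to proxyjump firewall with forwardagent no, which is the quickest way to confirm a jump config before trusting it.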
See more at: http://blog.matchgenius.com/how-to-setup-transparent-multi-hop-ssh/