Being able to connect to a remote server quickly and effortlessly is very useful when managing servers. Often the server you want to reach is behind a firewall or inside another subnet, and there's no direct access to it. Here's how you set up a transparent multi-hop ssh.
First, the network topology. For this example I'm connecting through a network switch to my local server 192.168.0.2, which acts as firewall and DHCP server. Behind that machine is my destination host 10.10.0.2.
#1: Configure ~/.ssh/config
The firewall host 192.168.0.2 is going to act as my gateway. Now that we know what we want to do, let's configure our ~/.ssh/config file
This is how it works. Take a closer look at ProxyCommand inside the destination host declaration. It runs the ssh command with -A to forward the ssh-agent. After that switch comes the name of the previously configured host, firewall, which we relay through, and on it we run the netcat command (nc).
#2: Test multi hop ssh connection
To connect to the destination server, simply type in your terminal
If you are like me, you probably want to get rid of that "killed by signal" message. It appears when the netcat command exits. To silence it, add 2>/dev/null at the end of ProxyCommand.
Now when you exit, you will see just the connection closed message.
That was super transparent: in an instant we logged on to our destination machine.
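The configuration described in this post, written out as an added example (not the author's original file); the alias destination and the nc %h %p arguments are assumptions, since the page names only the firewall host and the two addresses. The second entry reaches the same host with ProxyJump, which needs neither nc on the gateway nor -A: with a ProxyCommand hop the local client authenticates to the destination itself through the tunnel, so forwarding the agent to the gateway only exposes it there.

```sshconfig
# ~/.ssh/config (added example; "destination" and "destination-jump" are assumed aliases)

# Gateway: the firewall/DHCP machine reachable from the local network
Host firewall
    HostName 192.168.0.2

# Variant 1: as the post describes it.
# ssh -A logs in to the gateway with agent forwarding, then nc relays the
# connection. %h and %p expand to this entry's HostName and port
# (assumed nc arguments). 2>/dev/null hides the "killed by signal" message.
Host destination
    HostName 10.10.0.2
    ProxyCommand ssh -A firewall nc %h %p 2>/dev/null

# Variant 2: same hop, no agent forwarding and no nc on the gateway.
# ProxyJump requires OpenSSH 7.3 or newer on the client.
Host destination-jump
    HostName 10.10.0.2
    ProxyJump firewall
    # On older clients (OpenSSH 5.4+), the equivalent is:
    # ProxyCommand ssh -W %h:%p firewall
```

With either entry in place, the hop is selected by alias, so running ssh with the alias name is enough. While a Variant 1 session is open, anyone with root on the gateway can use the forwarded agent socket to authenticate as you.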