5

I have a laptop that can obviously be inside or outside of my home network at times. When I need to SSH into a machine inside of my network, the connection is fairly straightforward:

localhost $ ssh machinelearning

When I'm trying to access the machine from outside of my network, I then need to connect to my router, then SSH from there:

localhost $ ssh router.mytotallyuniquedomain.com
router $ ssh machinelearning

I remember there being a shortcut for doing the latter command in ~/.ssh/config, but at the moment I can't remember what it is.

Is there a way for me to supply multiple hostnames or types of connections so that when I do this:

$ ssh machinelearning

SSH will first attempt to connect to the machinelearning host in the local network and then attempt to tunnel in through router.mytotallyuniquedomain.com, all without me having to type out the long hostname?

Naftuli Kay
  • 39,676
  • Pretty sure this isn't a duplicate as it's specifically asking how to do this from a configuration point of view, namely "how do I proxy connect to a host via a Host directive in ~/.ssh/config?" – Naftuli Kay Mar 31 '14 at 16:42

1 Answer

4

Method #1 - ProxyCommand & netcat

I use this setup in my $HOME/.ssh/config to facilitate this:

Host intserver1-o intserver2-o intserver3-o
    ProxyCommand ssh userR@extserver.mydom.com nc `echo %h|sed 's/-o//'` %p

I then can ssh intserver2-o from wherever and I get into this internal server. When at home on the LAN I use ssh intserver1.

NOTE: The trick above requires netcat (nc) installed on the extserver1.

Method #2 - nested ssh

Alternatively you can use this method as well:

$ ssh -t -l gatewayuser gatewayserver "ssh -l serveruser internalserver"

You're basically nesting SSH calls in this method.

Method #3 - ProxyCommand & ssh -W

With newer versions of SSH (5.4+) you can use ssh instead of nc via the -W switch.

Host TARGETHOST
    ProxyCommand ssh -W %h:%p PROXYHOST

The %h & %p are macros for the host name and port that were used for TARGETHOST.

slm
  • 369,824
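
The automatic fallback the question asks for, sketched as a ~/.ssh/config fragment built on Method #3. This is an added example, not part of the answer above. The host names come from the question; the nc reachability probe and its 1-second timeout are assumptions, and the client must support Match with exec.

```sshconfig
# Added example (not from the answer). Host names are from the question;
# the probe command and its timeout are assumptions.

# Off the home LAN: the direct probe to port 22 fails, so tunnel through
# the router. "ssh -W" forwards stdio to the target, so nothing beyond
# sshd is needed on the router and the session to machinelearning stays
# encrypted end to end (the router only relays ciphertext).
Match host machinelearning !exec "nc -z -w 1 %h 22"
    ProxyCommand ssh -W %h:%p router.mytotallyuniquedomain.com
    # On OpenSSH 7.3+ the line above can be written as:
    #   ProxyJump router.mytotallyuniquedomain.com

# Applies on both paths. The probe only shows that *something* answers
# on port 22 under that name; on a foreign network that may be another
# machine. Host key verification is what ties the session to the real
# host, so keep it strict and accept the key once while on the home LAN.
Host machinelearning
    StrictHostKeyChecking yes
```

Running `ssh -G machinelearning` prints the options the client resolved, which shows whether the ProxyCommand was applied on the current network.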