4

I'm frequently transferring files and operating programs via ssh, and often from home. The machine I usually work on is a desktop at work that I cannot ssh to directly unless I'm already connected to the department network. Thus if I'm at home, I must ssh to my department's network first and then to my desktop, i.e.

ssh username@departmentnetwork and then ssh username@desktop-departmentnetwork

This setup means that if I am to transfer files from home, I must scp the files to my drive on the department network, ssh in to the department network, then scp the files again to my desktop.

Is there a way to use any or all of ssh, scp, and sshfs to connect to a 'network within a network'?

slm
  • 369,824
Moriarty
  • 153
  • 1
    Can you connect from desktop-departmentnetwork to your home via ssh? – rendon Jul 22 '13 at 01:01
  • I suppose I could as I have full admin and internet access on my laptop, but I wouldn't need to do that. My laptop travels with me to and from work. My desktop just does the grunt work for CPU intensive tasks. It helps to be able to monitor jobs and tweak code from wherever I am, though. – Moriarty Jul 22 '13 at 11:00

2 Answers

5

You can use the ProxyCommand. You can set up ssh so that it will connect to a "gateway" system and then connect to a secondary system that's behind the "gateway" system.

Host internal-host
    User sam
    IdentityFile ~/.ssh/id_rsa
    ProxyCommand ssh user@gateway nc internal-host.somedom.com %p

This technique makes use of the tool nc to act as a connector. How it works is thoroughly covered here in this article titled: Transparent Multi-hop SSH.

The other trick that I use is to add a ControlMaster to my setup so that once I'm authenticated I can "recycle" this and not have to keep re-authenticating additional connections.

Host *
    ControlMaster auto
    ControlPath ~/.ssh/master-%r@%h:%p

Lots of hosts

If you have multiple internal hosts you can use special variables that are available to you in your ~/.ssh/config file to pick up the hostname (%h) and port (%p).

Host host1 host2 host3
  User          internal-user
  ProxyCommand  ssh external-user@gateway.hostname.tld nc %h %p

This will allow you to ssh host1 from your system and connect to host1.


slm
  • 369,824
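
The pieces of the answer above combined into one client config, as an added example that is not part of the original answer. It assumes the host and user names from the question; the aliases gateway and desktop, the ~/.ssh/cm directory and the paths in the last comment are made up for illustration. It uses ssh -W in place of nc and scopes connection sharing to the two hosts.

```sshconfig
# ~/.ssh/config (added example; names are assumptions, see lead-in)

# The gateway itself, reached directly from home.
Host gateway
    HostName departmentnetwork
    User username

# The desktop behind the gateway. With -W the gateway's sshd forwards
# stdin/stdout to %h:%p, so nc is not needed on the gateway (OpenSSH 5.4+).
# Authentication to the desktop is done by the ssh client on the laptop,
# through the tunnel: no private key and no agent forwarding on the gateway,
# and the gateway only relays the encrypted session.
Host desktop
    HostName desktop-departmentnetwork
    User username
    ProxyCommand ssh -W %h:%p gateway
    # OpenSSH 7.3+ equivalent of the ProxyCommand line:
    # ProxyJump gateway

# Connection sharing, limited to these two hosts instead of Host *.
# Any process that can open the control socket gets sessions as you without
# authenticating again, so keep the socket in a directory only you can
# access (mkdir -m 700 ~/.ssh/cm) and let idle masters expire.
# %C is a hash of local host, remote host, port and user (OpenSSH 6.7+).
Host gateway desktop
    ControlMaster auto
    ControlPath ~/.ssh/cm/%C
    ControlPersist 10m

# scp and sshfs run ssh underneath and read this file, so the alias makes
# the transfer a single step:
#   scp results.tar desktop:~/
#   sshfs desktop:/home/username/project ~/mnt/project
```
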
1

The method @slm suggested is a good method. If you want to learn another method, then it can also be done by ssh tunnel:

ssh -t -l gatewayuser -L9997:127.0.0.1:9998 gatewayserver "ssh -l serveruser -D9998 -N internalserver"

Kindly ignore the poor diagram :)


slm
  • 369,824
  • This method is discussed in the link I provided: http://sshmenu.sourceforge.net/articles/transparent-mulithop.html. – slm Jul 22 '13 at 11:57