OpenSSH 5.4 and bastion hosts
Posted by nuxi on 2010-Mar-20 at 23:36:53 in Computers
So a few of the networks I have access to require me to SSH into a specific machine to gain access to the network. Previously I used a command like this:
ssh -t bastion.example.net ssh internal.example.net
Now SSH has long had a ProxyCommand so that it could route its traffic through the standard I/O of another program. The trouble is that SSH itself was not capable of acting as this other program. Then I saw this in the OpenSSH 5.4 release notes:
* Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects
  stdio on the client to a single port forward on the server. This
  allows, for example, using ssh as a ProxyCommand to route connections
  via intermediate servers. bz#1618
Here is the .ssh/config file for those who are lazy:
Host internal.example.net
    ProxyCommand ssh -qW %h:%p bastion.example.net
Now I can log in with just:
ssh internal.example.net
Bonus? scp works over this just fine.
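The bastion's side of this setup, as an added example that is not part of the original post: an sshd_config fragment for bastion.example.net that allows an account the single forward that "ssh -W" needs and nothing else. The account name jumpuser is hypothetical; with it, the client line would read "ProxyCommand ssh -qW %h:%p jumpuser@bastion.example.net".

```conf
# sshd_config on bastion.example.net (constructed example).
# "jumpuser" is a hypothetical account used only for ssh -W hops.
Match User jumpuser
    # ssh -W opens one TCP forward from the bastion, so forwarding stays on...
    AllowTcpForwarding yes
    # ...but only to this destination. PermitOpen compares the host:port the
    # client asks for, which is what %h:%p expands to in the ProxyCommand.
    PermitOpen internal.example.net:22
    # Nothing else is needed for a pure hop.
    X11Forwarding no
    AllowAgentForwarding no
    # ssh -W requests no session, so this only affects an interactive login
    # attempt, which gets /bin/false instead of a shell.
    ForceCommand /bin/false
```

The login to internal.example.net is still authenticated end to end by the client; the bastion only carries the encrypted stream.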