Ping a Specific Port

Question

sanity

Asked: 2009-08-26 05:13:45 +0800 CST2009-08-26 05:13:45 +0800 CST 2009-08-26 05:13:45 +0800 CST

Tunnel an ssh connection through an intermediate machine in a single command

772

Is there a way, in a single command, to establish a ssh connection from my computer A, through computer B, to computer C, such that I have access to the shell on computer C?

A wrinkle (which seems to rule out simply forwarding the ssh connection using the -L option) is that I have the password to the account on computer B, and the account on computer B is authorized to connect to the account on computer C, but I do not have the password to the account on computer C.

4 Answers

Voted

af. · Answer 1 · 2009-08-26T05:19:42+08:00

Best Answer

af.

2009-08-26T05:19:42+08:002009-08-26T05:19:42+08:00

I understood that you want just to log in to the computer C, not really tunnel anything from A to C. So, this should do the trick:

ssh -t computer-b "ssh computer-c"

You might have to enter passwords twice, first for computer B and then for computer C, but this can be avoided by using ssh's key-pair authentication.

8

Amandasaurus · Answer 2 · 2009-08-26T05:37:58+08:00

Amandasaurus

2009-08-26T05:37:58+08:002009-08-26T05:37:58+08:00

You probably want to use SSH's ProxyCommand: http://benno.id.au/blog/2006/06/08/ssh_proxy_command

0

Amandasaurus · Answer 3 · 2009-08-26T06:20:54+08:00

Amandasaurus

2009-08-26T06:20:54+08:002009-08-26T06:20:54+08:00

If you're using ssh keys, you could generate a new key for machine B and use that to connection from A to B. On machine B, you can add

command="ssh C" ssh-....

in the ~/.ssh/authorized_keys file. That means that whenever you connect to B with that ssh key, it will execute the ssh C command.

I don't know if this works with scp.

0

Sam Gleske · Answer 4 · 2016-07-25T21:59:49+08:00

Use `ProxyCommand`

See man ssh_config. I recommend making use of ProxyCommand. Let's take your original scenario:

Computer A (your computer)
Computer B (a proxy hostname)
Computer C (only reachable via SSH from Computer B)

Edit ~/.ssh/config with the following contents.

Host computerb
    HostName <hostname or IP of Computer B>

Host computerc 192.168.35.*
    ProxyCommand ssh computerb nc -w 180 %h %p

Now you'll be able to transparently reach Computer C. e.g.

ssh computerc

Advantages of this method

More secure

You only need your private key to be on Computer A (your computer). The nc command will act as a proxy in which SSH will encrypt traffic through. This includes authentication. It is a very bad idea to distribute your private key to multiple servers (as any compromised server with your private key ultimately compromises your private key).

Matches Multiple destinations

One can match multiple destination computers using Host. A single computer or any computer within a specific network (e.g. 192.168.35.0/24 in the above example) to proxy through Computer B. It also serves as an alias.

ssh 192.168.35.27

In the above example, it will proxy through Computer B to get to the IP address.

Daisy chain proxies

Using this method you can daisy chain as many automatic proxies as necessary. e.g. you can add a Computer D which is only reachable from Computer C and it will work transparently.