Christoph, belier really looks like a hack. It’s easy to use ProxyCommand to connect to hosts using several hops.
Let’s say that you want to connect to host c, which can only be reached from host b, which can only be reached from host a. It’s as simple as doing:
Host a
User logina
# b is reached through a
Host b
ProxyCommand ssh a nc -q 1 b 22
User loginb
# c is reached through b
Host c
ProxyCommand ssh b nc -q 1 c 22
User loginc
And of course, it just works with scp, rsync, and everything ssh-based.
It cannot auto-login using passwords, but I’m not sure that having passwords in clear text is a good idea either ;)
Since 5.4 you can do the netcat bit inside ssh with -W:
Host a
User logina
Host b
ProxyCommand "ssh -W b:22 a"
User loginb
Host c
ProxyCommand "ssh -W c:22 b"
User loginc
That’s great! Thanks!
Thank you for the -W information! Makes it much easier for me to bounce through a firewall host to a compute node.
I had to remove quotes from ProxyCommand.
ssh rocks!
Regards,
The mind is the limit. As long as the imagination can envision the fact that you can do something, you can do it
Just found out you can do this with PuTTY (if you are stuck on Windows):
Use a local proxy, and in the proxy command use something like:
C:\Path\to\plink\plink.exe user@host-A nc -q 1 host-B 22
If you have all of your hosts preconfigured in PuTTY, you should be able to chain them with -load.
Does anyone know why running this gives me this error?
nc: getaddrinfo: Name or service not known
ssh_exchange_identification: Connection closed by remote host
Is there any reason why you use -q 1 to netcat?
I’ve also seen people claiming they need to use -w 1, or nc processes are not killed on the gateway host, but I haven’t seen such problems.
I think that it depends on the implementation of netcat that you are using.
This is a good post. Thank you very much for the quality information provided! I was looking for this entry for quite some time, but I wasn’t able to find a reliable source.
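Added example, not written by any commenter above: a small lint for chained ProxyCommand stanzas like the ones in this thread. It flags a ProxyCommand wrapped in quotes (which one commenter reports having to remove) and a forwarding target that does not match the stanza's own Host. The function names and the sample config are constructed for illustration, and the check assumes space-separated "Keyword value" lines where the Host alias, its HostName, or %h is the expected target.

```python
# Constructed sample: "b" is wrapped in quotes, "c" forwards to b instead of c.
SAMPLE = """\
Host a
    User logina
Host b
    ProxyCommand "ssh -W b:22 a"
Host c
    ProxyCommand ssh b nc -q 1 b 22
"""

def parse_stanzas(text):
    """Map each Host alias to its {lowercased keyword: value} options."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "host":
            current = stanzas.setdefault(value.split()[0], {})
        elif current is not None:
            current.setdefault(key.lower(), value.strip())  # first value wins
    return stanzas

def forward_target(cmd):
    """Host the hop connects to: 'ssh -W host:port hop' or 'ssh hop nc ... host port'."""
    tokens = cmd.split()
    if "-W" in tokens[:-1]:
        return tokens[tokens.index("-W") + 1].rsplit(":", 1)[0]
    if "nc" in tokens and len(tokens) >= tokens.index("nc") + 3:
        return tokens[-2]
    return None

def lint(text):
    """Return (alias, problem) pairs for suspicious ProxyCommand lines."""
    findings = []
    for alias, opts in parse_stanzas(text).items():
        cmd = opts.get("proxycommand", "")
        if cmd[:1] in ('"', "'", "\u201c"):
            findings.append((alias, "quoted ProxyCommand"))
            cmd = cmd.strip("\"'\u201c\u201d")
        target = forward_target(cmd)
        if target and target not in (alias, opts.get("hostname"), "%h"):
            findings.append((alias, f"forwards to {target!r}, not this host"))
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```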