Monday, December 23, 2024

Configure OpenSSH to Tunnel Through Another Server Using Jump Host


In your local SSH configuration file, which is stored in .ssh/config, create an SSH host entry for the server you are going to tunnel through.

Host                    ssh-proxy
HostName                proxy.mertcangokgoz.com

The ssh-proxy server node needs the netcat package installed, which
provides the nc binary.

apt install netcat

Now create another SSH host entry for the final destination server. In order
to SSH to this server, you have to SSH to the ssh-proxy node, create a
tunnel, and then SSH through that tunnel.

Host                    prod
HostName                ankara.mertcangokgoz.com
ProxyCommand            ssh -q -A ssh-proxy 'nc %h %p'

The important line in the final configuration item is the ProxyCommand.

ProxyCommand specifies the command to use to connect to the server. %h is replaced by the hostname defined by the HostName directive. %p is replaced by the destination SSH port, which defaults to 22.

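Now SSH indirectly to ankara.mertcangokgoz.com through the prod host entry. The ProxyCommand is applied only when the name given on the command line matches the Host entry, so connect to prod rather than to the full hostname. Use -v to see SSH bounce off the ssh-proxy server node.

ssh -v prod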
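The same two entries without netcat and without agent forwarding, as an added example that is not part of the original post. Authentication to the destination is performed by the local client over the tunnel, so the -A flag in the ProxyCommand above exposes the local agent to the jump host without being needed for the connection. Assumptions: OpenSSH 7.3 or later for ProxyJump, 5.4 or later for -W; prod-legacy is a hypothetical alias.

```sshconfig
# Added example, not from the original post. Host names are the ones used above.

Host ssh-proxy
    HostName proxy.mertcangokgoz.com
    # The jump host only relays TCP; it never needs the local ssh-agent.
    ForwardAgent no

# OpenSSH 7.3 and later: ProxyJump asks ssh-proxy's sshd to open the
# forwarding channel itself, so nc does not have to be installed there.
Host prod
    HostName ankara.mertcangokgoz.com
    ProxyJump ssh-proxy

# Clients without ProxyJump: -W forwards stdin/stdout to %h:%p through
# ssh-proxy, replacing both 'nc %h %p' and the -A flag.
# prod-legacy is a hypothetical alias used only in this example.
Host prod-legacy
    HostName ankara.mertcangokgoz.com
    ProxyCommand ssh -q -W %h:%p ssh-proxy
```

Both forms rely on the jump host's sshd permitting TCP forwarding (AllowTcpForwarding, which is enabled by default).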

If the bounce host, proxy.mertcangokgoz.com in this example, were a SOCKS5 host and not a server running SSH, we would use a different ProxyCommand directive.

Host                    web-server
HostName                ankara.mertcangokgoz.com
ProxyCommand            connect -R both -S proxy.mertcangokgoz.com:1080 %h %p 

The ProxyCommand above uses the connect binary, which creates a connection to a SOCKS4/5 proxy. Our SSH client will then tunnel over this SOCKS4/5 tunnel to the remote server.

Notes: Details have not been added for security reasons.