Proxy SSH

June 13, 2015

There was a post on my own blog in February about how to log in directly to lab machines, hopping through Lee in a transparent way. Proxy SSH was described in this helpful article. It consists of running “nc” (netcat) on one machine to pass all of the ssh connection onto another machine.

It depends on public-key authentication and a behind-the-scenes proxy authentication so you don’t have to log in twice. Using the .ssh/config file to automate the details, once setup you don’t even see the proxy.

Suppose:

  • Your login name is pikachu;
  • and created a key pair id_rsa_pikachu/id_rsa_pikachu.pub;
  • you wish to proxy through lee to get to shiloh.

Add id_rsa_pikachu.pub to lee:~/.ssh/authorized_keys. Since shiloh and lee share your home directory, shiloh now knows this public key as well. In the .ssh/config on your local machine, add:


Host shiloh
ProxyCommand ssh -o StrictHostKeyChecking=no lee nc %h 22
User pikachu
IdentityFile ~/.ssh/id_rsa_pikachu

Host lee
HostName lee.cs.miami.edu
User pikachu
IdentityFile ~/.ssh/id_rsa_pikachu

Then from you local machine log into shiloh with “ssh shiloh”. As a bonus, scp’s such as scp this-file shiloh:that-file will work as well.

posted in Uncategorized by admin

 
Powered by Wordpress and MySQL. Theme by Shlomi Noach, openark.org