Software Development with Linux

SSH cascading

TUE, 01 JUN 2010

I've just discovered an amazing SSH feature today. If you've already been in the same situation, this trick will interest you.

The problem was : How can I SSH into boxA and automatically SSH into boxB from there? This is a situation where you can't connect directly to boxB, which is only accessible from boxA. If you have to do that often, you get tired of always doing two SSH to get there.

After some research, I found the ProxyCommand option of SSH. While this option seems to allow you to do many things, the most simple usage (and the one I was interested in) is to add, in ~/.ssh/config, something like this :
Host boxB
ProxyCommand ssh boxA exec nc -q 0 %h %p
This will allow you to ssh to boxB directly. Isn't it cool?

One thing to remember is, if you're using public/private keys instead of password authentication, it's the public keys one your own PC that will be used, not those on boxA. This means that you will want to have your user's public key on your PC copied in the .ssh/authorized_keys of your user in boxB.