[TriLUG] ssh 'through' a firewall
Magnus Hedemark
chrish at trilug.org
Sat Apr 24 13:44:39 EDT 2004
Douglas Kojetin wrote:
> Is there a shortcut I can take so that I don't ssh twice? I've set up
> aliases and 'no-password authentication' to ease things, but it would
> be nice to do the above in one command if possible.
I see a bunch of answers but I'm doing something a little different.
Let's see if this helps you.
First, you need to have netcat (nc) installed on your ssh "proxy" host.
Next you need an ~/.ssh/config file on your client host. I do this with
key-based authentication (no passwords!) and agent forwarding. Let's
assume alice is your ssh "proxy" server and "bob" is a machine behind
the firewall that you would like to ssh into. Here's what your
~/.ssh/config might contain:

host alice
    ForwardAgent yes
    User magnus
    PubKeyAuthentication yes
    Hostname alice.example.com
    IdentityFile ~/.ssh/id_dsa
    PasswordAuthentication no
    Protocol 2

host bob
    User magnus
    PubKeyAuthentication yes
    Hostname bob.example.com
    IdentityFile ~/.ssh/id_dsa
    PasswordAuthentication no
    Protocol 2
    ProxyCommand ssh alice nc %h 22

Now from your client machine just run "ssh bob" and transparently to
you, it will ssh into alice first and hop from alice to bob.
More info on netcat:
http://freshmeat.net/projects/netcat/
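
An added example, not part of the original message: a small audit of an ssh client config that reports jump hosts (aliases named inside a ProxyCommand) which also have ForwardAgent enabled. With the ProxyCommand hop the client authenticates to bob itself through the tunnel, so the agent does not have to be reachable on alice. The function names are hypothetical and the sample config is the one above, trimmed.

```python
import fnmatch
import re

# The two Host blocks from the message above, trimmed to the relevant keywords.
SAMPLE_CONFIG = """\
host alice
    ForwardAgent yes
    Hostname alice.example.com
host bob
    Hostname bob.example.com
    ProxyCommand ssh alice nc %h 22
"""

def parse_blocks(text):
    """Return [(patterns, options)] per Host block; keywords are lowercased."""
    blocks = [(["*"], {})]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.+)", raw.strip())
        if not m or raw.lstrip().startswith("#"):
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            # ssh_config uses the first value obtained for each keyword
            blocks[-1][1].setdefault(key, value)
    return blocks

def effective(blocks, alias, key):
    """First value of `key` from blocks whose pattern matches `alias`
    (simplified: negated '!' patterns and Match blocks are not handled)."""
    for patterns, opts in blocks:
        if key in opts and any(fnmatch.fnmatch(alias, p) for p in patterns):
            return opts[key]
    return None

def audit(text):
    """Return sorted jump-host aliases that have agent forwarding enabled."""
    blocks = parse_blocks(text)
    aliases = {p for pats, _ in blocks for p in pats if not set("*?!") & set(p)}
    jumps = set()
    for _, opts in blocks:
        jumps |= aliases & set(opts.get("proxycommand", "").split())
    return sorted(a for a in jumps
                  if (effective(blocks, a, "forwardagent") or "no").lower() == "yes")

if __name__ == "__main__":
    for alias in audit(SAMPLE_CONFIG):
        print(f"{alias}: ForwardAgent yes on a jump host exposes your agent there")
```

Run it against your own config with audit(open(os.path.expanduser("~/.ssh/config")).read()) after importing os.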