OpenBSD Journal
Home : : Add Story : : Archives : : About : : Create Account : : Login :
Stupid SSH Tricks: ProxyCommand
Contributed by merdely on Tue Sep 25 18:07:48 2007 (GMT)
from the ssh-is-teh-awesome dept.

Suppose there is an SSH server inside a remote network that does not have its SSH port exposed to the Internet (named "internal.hostname.tld"). If there is an SSH gateway host that you can SSH to (that has the ability to reach "internal"'s SSH port), you can use the netcat (nc(1)) command with ProxyCommand in ~/.ssh/config to proxy your SSH session to "internal" through "gateway". Read on for more details.

Submit your own Stupid Open{BSD,SSH} Tricks.

Put the following entry in your ~/.ssh/config file:

Host internal.hostname.tld internal
  User          merdely
  HostName      internal.hostname.tld
  ProxyCommand  ssh merdely@gateway.hostname.tld nc %h %p 2> /dev/null

Then, make connect to "internal" as if you could directly: ssh internal.hostname.tld

The ~/.ssh/config entries are:

  • Host: Defines for which host or hosts the configuration section applies. The section ends with a new Host section or the end of the file.
  • User: Defines the username for the SSH connection. Useful if your username on the remote host is different from your local username.
  • HostName: Defines the literal hostname for the remote server. Useful if a nickname for the host is used in the Host line.
  • ProxyCommand: Specifies the proxy command for the connection. This command is launched prior to making the connection to Hostname. %h is replaced with the host defined in HostName and %p is replaced with 22 or is overridden by a Port directive. "2> /dev/null" prevents nc's "Killed by signal 1." message when it exits.
For more information about ssh client configuration options, see ssh_config(5).

[topicopenssh]

<< Setting up a Soekris 5501 with OpenBSD 4.2 | Reply | Flattened | Expanded | OpenSSH Turns 8 Today >>

Threshold: Help

Related Links
more by merdely


  Re: Stupid SSH Tricks: ProxyCommand (mod 4/44)
by jb (jb) (jb@caustic.org) on Tue Sep 25 18:26:56 2007 (GMT)
  All this time, I've just been using ssh -L for that specific problem.
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 0/32)
by Anonymous Coward (143.209.103.37) on Tue Sep 25 19:26:29 2007 (GMT)
  Very slick....I like it!
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Stupid SSH Tricks: AutoMaster (mod 0/30)
by dbt (208.116.167.12) (dbt@meat.net) on Tue Sep 25 20:02:15 2007 (GMT)
http://meat.net/
  I'm sure that this should be frowned on for some reason, but all of my personal machines get this at the top of the .ssh/config:

host *
controlmaster auto
controlpath ~/.ssh/sock/%r@%h:%p
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 10/34)
by Anonymous Coward (84.56.91.236) on Tue Sep 25 22:52:48 2007 (GMT)
  I know that things like this can be accomplished easier with rsync in the meantime, but once in a while I still need this kind of construct:

tar czf - thisdirectory/ | ssh mob@argh "cd wtf; tar xzf -"

Transferring single directories is easy this way. Shovelling images over ssh is not much different. Target-partition should be a bit larger, of course. Mr. Calculator, disklabel and growfs are your friends. This is ok for cloning, otherwise way too tedious:

dd if=/dev/sd0i bs=512 | ssh root@argh "dd of=/dev/sdb"

Hubert Feyrer used something very similar with his "Ghost for UNIX" (G4U) cloning stuff. Dump/restore might be the better alternatives.

To backup images only (backup the MBR too):

dd if=/dev/sd0i | ssh root@argh "gzip -9 > backup-sd0i.dd.gz"


  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod -1/37)
by Siju Oommen George (122.166.40.36) (sgeorge.ml@gmail.com) on Tue Sep 25 23:54:43 2007 (GMT)
  Is there no way to stop this at the gateway? No counter trick?
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Make nc timeout on the gateway (mod 11/37)
by niebie (141.5.20.93) on Wed Sep 26 08:35:22 2007 (GMT)
  Very neat trick. But I noticed one problem in my setup: the nc processes on the gateway were not killed after the ssh connection was closed. After a while some resource limit kicked in and I couldn't connect anymore until I killed the nc processes manually on the gateway.

The solution: give the nc in ProxyCommand the option -w so it times out after a while (10 seconds works fine for me).

ProxyCommand ssh me@my.gateway.tld nc %h %p -w 10 2> /dev/null
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod -6/38)
by 89385318573! (80.249.194.29) on Wed Sep 26 15:08:51 2007 (GMT)
 
$ /usr/bin/calendar | grep OpenSSH
Sep 26  OpenSSH born, Sunday 11:56 MST, 1999
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  or use chainssh for this. Re: Stupid SSH Tricks: ProxyCommand (mod 3/33)
by Anonymous Coward (141.113.86.23) on Thu Sep 27 10:19:10 2007 (GMT)
  or use chainssh for this.

chainssh is a shell script to smplify the ssh login via multiple sshgateways/firewallgateaways.

http://chainssh.sourceforge.net/
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod -2/28)
by RC (71.116.240.29) on Sun Sep 30 02:52:13 2007 (GMT)
  TightVNC's -via option makes this kind of thing much simpler.

ie. $ vncviewer -via merdely@gateway.hostname.tld internal

No brain-power required. No need to come up with convoluted invocations of nc.

Personally, in such situations, I'd rather just put a port-forwarding ssh script on the internal machine (ssh -R), tunneling through the firewall to my own remote system. No need to depend on that gateway host...
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod -6/18)
by Achex (206.248.137.45) on Thu Feb 20 16:24:48 2014 (GMT)
  you can use ssh -q option instead of 2>/dev/null ...
(-q = quiet option)
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Jual Laptop Notebook PC HP Lenovo Printer Tinta Toner Epson Murah (mod 0/2)
by Atwood (182.182.90.166) (zanrnozm@imgof.com) on Wed Dec 7 15:26:40 2016 (GMT)
Aubrey
  There are plenty of dissertation online websites from the internet reside pick up unsurprisingly known in the websites. Jual laptop
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  No Subject Given (mod 1/1)
by Atwood (45.116.232.51) (zanrnozm@imgof.com) on Sun Dec 11 10:55:27 2016 (GMT)
Aubrey
  Being a foreigner I was unsure what to go with. Either a desert safari or cruise. anyways I opted for safari tour. It was amazing it made my trip worth it
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  No Subject Given (mod -1/3)
by Davidq (188.226.226.40) (zydgqzay@imgof.com) on Sun Dec 11 13:32:03 2016 (GMT)
  I did so practical experience reviewing reports and also assessments embraced listed here. They can be easily fantastic there are actually a substantial amount of valuable awareness. Trasteos Bogota
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 1/1)
by Atwood (178.62.43.135) (zanrnozm@imgof.com) on Sat Dec 17 15:30:27 2016 (GMT)
Aubrey
  Your site has grown a one-stop find as much as possible tutorial authoring. Thanks for your time in the very good get the job done. As i tested the online sites one preferred and even On the net which will best-dissertation. pores and skin look though. Ones own get the job done is kind of exemplary. Lexington Code
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 2/2)
by Atwood (178.62.43.135) (zanrnozm@imgof.com) on Sat Dec 17 15:35:10 2016 (GMT)
Aubrey
  At blogs on-line, I enjoy analyzing your business opportunity quite possibly the most; one provide you with a lot of tips within a small-scale chunk. My group is hunting for and even considering the fact that you now have the core designed for tutorial authoring, As i calculated you may choose to time all of us with the best guidance. On earth do you allow? High Frequency Trader
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  No Subject Given (mod 2/2)
by Alex (46.101.40.25) (davidwilcox09@gmail.com) on Tue Dec 20 13:59:50 2016 (GMT)
  That's the reason why it is better you need to focused explore prior to when making. Will also be possible for you to more suitable content this fashion. u channel shower
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  No Subject Given (mod 2/2)
by AAdu (182.182.60.218) (davidwilcox09@gmail.com) on Wed Dec 21 11:46:56 2016 (GMT)
  Craft alot more articles and reviews in this particular area you now have the ideal approach to help you support writters. How To Make Money
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  No Subject Given (mod 2/2)
by Harper (182.182.58.113) (zgtsqylc@eelmail.com) on Sat Dec 24 11:10:41 2016 (GMT)
Manning
  DDNK.CZ byl vždy tam pro své klienty Viděl jsem mnoho projektů stavba domu, s nějakým druhem nejlepší kvality uspokojování potřeb svých klientů, To je jeden z nejlepších bydlení místě jsem byl na.
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  No Subject Given (mod 2/2)
by Harper (182.182.36.200) (zgtsqylc@eelmail.com) on Sun Jan 8 09:53:20 2017 (GMT)
Manning
  wow what a great post is this... thanks for sharing boss, keep share these valuable content. songs pk
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  No Subject Given (mod 2/2)
by Harper (182.182.3.8) (zgtsqylc@eelmail.com) on Mon Jan 9 14:59:55 2017 (GMT)
Manning
  Everything you comprehended will be proper, comprehend that you must crack the particular connection among present concrete floor and also fresh. You need to be cautious once you handle the particular concrete floor on the surfaces, due to the fact normally there exists a possiblity to crack. It will always be far better to obtain the aid of your specialist. BO Millionaire
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 1/1)
by Maisy Rose (182.182.6.251) (adasdasds@gmail.com) on Fri Jan 20 07:04:54 2017 (GMT)
  I hate to see my cat peeing on clothes and towels and there seems no end to it. She is ruining my clothes and towels, I was so fed up, looked up at several sites implemented what they share but nothing ever helped. I will surely look try to make some comforting changes at place. Whenever there are household changes cat pee is obligatory I think, I hope to make changes soon.
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 1/1)
by Kaitlin Fleming (182.182.116.152) (zeeshantapra@yahoo.com) on Sat Jan 21 08:18:19 2017 (GMT)
  I would also motivate just about every person to save this web page for any favorite assistance to assist posted the appearance. http://www.6em-sens.fr/
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 1/1)
by Jose Boyer (182.182.116.152) (ztyijnmv@tafmail.com) on Sat Jan 21 08:53:16 2017 (GMT)
  I should say only that it's awesome! The blog is informational and always produce amazing things. taux livret A
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 1/1)
by Jackie Roberts (45.116.233.45) (adasdasds@gmail.com) on Sat Jan 21 10:45:30 2017 (GMT)
  The excellent post went ahead and bookmarked your site. I can’t wait to read more from you. Cogni Trade
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  No Subject Given (mod 1/1)
by Davidq (45.116.233.45) (zydgqzay@imgof.com) on Sat Jan 21 11:11:27 2017 (GMT)
  free followers instagram I’m any sucker regarding a lot of the content, My partner and i totally savored, I might actually favor a lot more info relating to this kind of, considering that it really is great., Congrats designed for submitting. get more likes on instagram
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 1/1)
by Isabelle Walker (45.116.233.45) (yusmabano@gmail.com) on Sat Jan 21 11:14:35 2017 (GMT)
  You are allowed to post names, but not links, unless they are approved and on the topic. Rubix Project
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 1/1)
by Kolten Stafford (45.116.233.45) (jazbajanoon@outlook.com) on Sat Jan 21 11:57:09 2017 (GMT)
  This article gives the light in which we can observe the reality. This is very nice one and gives in-depth information. Thanks for this nice article. Leaked Profits
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 2/2)
by Liberty Wheeler (182.182.65.45) (adasdasds@gmail.com) on Sun Jan 22 11:22:52 2017 (GMT)
  Extraordinary, This particular net page is genuinely exciting and delight to learn. I'm a colossal fan from the subjects specified. Vena System
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 1/1)
by Clem Johnston (182.182.65.45) (ztyijnmv@tafmail.com) on Sun Jan 22 12:29:55 2017 (GMT)
  This content is simply exciting and creative. I have been deciding on an institutional move and this has helped me with one aspect. Rubix Project
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  No Subject Given (mod 1/3)
by Alex (182.182.65.146) (davidwilcox09@gmail.com) on Fri Jan 27 16:00:35 2017 (GMT)
  Rapidly this kind of fantastic web site will surely unquestionably often be well-known amongst many creating any website people, for your meticulous articles along with testimonies. translation web
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 1/1)
by mxffiles (218.11.246.179) on Tue Feb 7 07:09:30 2017 (GMT)
  This is a very good post which I really enjoy reading. It is not every day that I have the possibility to see something like this. Software mxf Software mxf converter free download to convert HD camcorder files. ts converter convert ts video files to avi, mp4, wmv, mov mts to avi mp4 mov mkv iMovie, FCP/FCE with mts converter, so to convert mts files for your PC and mobiles. mod converter and convert tod files just free download mod video converter. m2ts
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 0/2)
by Anonymous Coward (59.95.74.98) on Mon Feb 13 10:48:15 2017 (GMT)
  You can avoid this if you remove the SSH protocol from this system. It is outdated and people don't need it anymore. Our computers are not safe anyway. Why do we need such things to slow down our computer? professional makeup artist
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  No Subject Given (mod 0/0)
by Davidq (128.199.165.82) (zydgqzay@imgof.com) on Tue Mar 21 21:58:06 2017 (GMT)
  Rapidly this kind of internet site can easily unquestionably recognition among virtually all blogging and site-building and also site-building individuals, to be able to the meticulous content or simply opinions. online writing service
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 0/0)
by Taylor Shaw (107.175.34.9) (taylorshaw151@gmail.com) on Fri Mar 31 08:51:56 2017 (GMT)
  I think this post will be a reference to all computer science students. Expecting more source codes like these. I would like to thank the author for sharing this source code. This post offered a lot of SSH Tricks and proxy commands. small manufactured homes
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 0/0)
by rozi (2606:f180:2:1c5:1c5:4fac:87d5:20dc) on Fri Jun 30 16:29:54 2017 (GMT)
  Awesome dispatch! I am indeed getting apt to over this info, is truly neighborly my buddy. Likewise fantastic blog here among many of the costly info you acquire. Reserve up the beneficial process you are doing here. Free movies online
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 0/0)
by rozi (2606:f180:2:1c5:1c5:4fac:87d5:20dc) on Fri Jun 30 16:30:14 2017 (GMT)
  Hmm… I interpret blogs on a analogous issue, however i never visited your blog. I added it to populars also i’ll be your faithful primer. watch series free online
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 0/0)
by rozi (2606:f180:2:1c5:1c5:4fac:87d5:20dc) on Fri Jun 30 16:30:28 2017 (GMT)
  it's really nice and meanful. it's really cool blog. Linking is very useful thing.you have really helped lots of people who visit blog and provide them usefull information. Free movies online
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 0/0)
by Ellen (107.150.65.12) (elllensmith15@gmail.com) on Wed Jul 5 12:19:54 2017 (GMT)
  I would like to thank the author for sharing this source code. This post offered a lot of SSH Tricks and proxy commands. I think this post will be a reference to all computer science students. Expecting more source codes like these. click this link here now
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 0/0)
by jamesjack (43.230.92.120) on Wed Jul 12 06:16:25 2017 (GMT)
  Took me time to understand all of the comments, but I seriously enjoyed the write-up. It proved being really helpful to me and Im positive to all of the commenters right here! Its constantly nice when you can not only be informed, but also entertained! I am certain you had enjoyable writing this write-up. Send flowers to brazil
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 0/0)
by ali (45.116.233.16) on Thu Jul 13 10:35:25 2017 (GMT)
  You bear through a awesome vacancy. I sanity definitely quarry it moreover personally suggest to my buddys. I am self-possessed they determination be benefited from this scene. 123movies
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 0/0)
by ali (45.116.233.16) on Thu Jul 13 10:38:20 2017 (GMT)
  Within this webpage, you'll see the page, you need to understand this data. New Movies
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 0/0)
by ali (45.116.233.16) on Thu Jul 13 10:40:17 2017 (GMT)
  Gives you the best website address I know there alone you'll find how easy it is. Cinema Movies
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 0/0)
by ali (45.116.233.16) on Thu Jul 13 10:42:50 2017 (GMT)
  Here you will learn what is important, it gives you a link to an interesting web page: TV Series Free
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 0/0)
by jamesjack (43.230.93.153) on Sat Jul 22 09:25:49 2017 (GMT)
  Crucial online marketing you just it applies seek before submission. It will probably be simple and easy to jot down advanced write-up which. renta de oficinas
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  Re: Stupid SSH Tricks: ProxyCommand (mod 0/0)
by jamesjack (43.230.95.77) on Sun Jul 23 08:51:52 2017 (GMT)
  Such a very useful article. Very interesting to read this article.I would like to thank you for the efforts you had made for writing this awesome article. voyance gratuite telephone
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

[ Home | Add Story | Archives | Polls | About ]

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. Some icons from slashdot.org used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]