Secure Shell (SSH) is a network protocol for secure data communication, mainly used to administer remote Unix / Linux servers from the command line. It also lets the user open a secure tunnel between a client and a server, through which any kind of network traffic can be sent.
Many customers I work for are using an SSH hop server that is sitting behind a firewall. The hop server is the main point of entry to a certain network area, similar to a proxy.
The firewall is configured with port forwarding to forward any SSH requests directly to a specific hop server. From there you can then connect via SSH to another host in order to remotely administer that server via command line. This kind of setup allows the administrator to control more effectively who can connect to a server and from where.
If you need to do quite a lot of work on the remote servers that are sitting behind the hop server, it can get quite annoying to go through all the steps to connect, because for every connection you would need to connect first to the hop server and then connect to the desired remote server. It gets a bit more complicated if you try to send files from your client directly to the remote server, as you would need to send the file first to the hop server and from there to the remote server. Especially for bigger files you may not want to store them on the hop server first.
OpenSSH has some very nice features that let it use the hop server as an SSH proxy.
Prerequisites
Access to an ssh hop server
nc or netcat has to be installed on the hop server
Overview
On your client create a new file called ~/.ssh/config with the following content
We have specified the hop server amberJump that is being connected through the firewall. Then we have specified three hosts that should be redirected through amberJump.
In the ProxyCommand line, nc (or netcat) is the command that redirects the TCP connection.
Now you can just SSH / SCP directly to your alias:
You can speed up the connection process by enabling the reuse of existing connections. This means that only the first connection to serverB will take a few seconds longer. As long as this connection stays open, all new connections will be established much more quickly.
Now put the following lines into your ~/.ssh/config file, just below the User amber line
If you would like to keep track of all your SSH connections, add the last two lines at the very top of your file. You can also repeat the two lines in any host section if you want to use different files there.
What have we achieved? Well, technically we connect exactly the same way as we would without this configuration. We still redirect our connection through amberJump (the hop server). The only thing that has changed is that OpenSSH is doing the step in between for us. It also allows us to transfer files "directly" to the destination host. (The file is still being redirected through the hop server.)
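A complete ~/.ssh/config for the setup described above, as an added example rather than the author's original file. Assumptions: the firewall host name and port are placeholders, serverA and serverC are made-up names for the other two hosts, and the ControlMaster / ControlPath / ControlPersist lines are one common way to enable connection reuse.

```sshconfig
# Added example, not the original author's file.
# Host names and the port below are placeholders (assumptions).

# Hop server, reached through the firewall's port forward.
Host amberJump
    # Placeholder: public name or address of the firewall.
    HostName firewall.example.com
    # Placeholder: the port the firewall forwards to the hop server.
    Port 22
    User amber
    # Reuse one authenticated connection to the hop server, so only the
    # first connection pays the full handshake and login cost.
    ControlMaster auto
    # Control socket lives in ~/.ssh; keep that directory at mode 0700 so
    # other local users cannot reach the shared connection.
    ControlPath ~/.ssh/cm-%r@%h:%p
    # Keep the master connection open for 10 minutes after last use.
    ControlPersist 10m

# Hosts behind the hop server (serverA and serverC are assumed names).
# With no HostName set, %h is the alias itself and is resolved by nc
# on the hop server, not on the client.
Host serverA serverB serverC
    User amber
    # ssh logs in to amberJump and runs nc there to relay raw TCP
    # to the target's SSH port; %h and %p expand to target host and port.
    ProxyCommand ssh amberJump nc %h %p
    # Alternative without nc on the hop server (OpenSSH 5.4 or later):
    # ProxyCommand ssh -W %h:%p amberJump

# Usage from the client (file name is a constructed sample):
#   ssh serverB
#   scp bigfile.tar.gz serverB:/tmp/
```

Because ProxyCommand only relays TCP through amberJump, the SSH session to serverB is still authenticated and encrypted end to end from the client. Private keys therefore stay on the client, and no agent forwarding is needed on the hop server.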