ssh hack: connect directly to machine via a firewall box

Written on 17 November 2008

It's common to have to ssh to firewall / gateway machine, then ssh to the machine you want to work on within a server network.

Typically you'd do this from your local machine:

$ ssh firewall.example.com
Password:
$ ssh my-private-host

I finally got bored of doing this, and created the following file: /usr/bin/sssh

#!/bin/bash
ssh -oproxycommand="ssh -q firewall.example.com nc -q0 %h %p" $*

Now I can use the sssh command to connect to hosts using the firewall machine as a proxy. Like most good hacks, this uses netcat.

Eg:

$ sssh 10.1.2.3 

Will connect me directly to a machine on the server network, via the firewall box. Seeing as it passes all parameters to ssh (the $* bit) you can do port forwards and X-forwarding as usual too:

$ sssh -L 5432:localhost:5432 my-vm

This lets me tunnel the port for a PostgreSQL running on my development vm (my-vm) in a single command. I have all my keys installed, so no passwords needed - I estimate this will save me about 60 seconds every day.


This article was written on: 17 November 2008
Tagged as:
blog comments powered by Disqus