SSH Proxy

When accessing remote servers, a proxy server (jump host) can be a good choice.

Definitions of the two servers

jump_host

This is the proxy server, normally written in the form user@proxy_host.

target

This is the target server, written in the form target_user@target_host.

Jump host

This is the simplest method: it uses a remote ssh command on the jump host to log in to the target server. To use one SSH server to access another SSH server, run the following command:

ssh -t <jump_host> ssh <target>

Here -t creates a pseudo-terminal; without it, the remote server cannot display messages because no tty is available.

Proxy Jump

This uses SSH's built-in proxy function.

ssh -o "ProxyJump <jump_host>" <target>

Proxy Command

This runs an external command to build the connection. For example, use the nc command and pass it two parameters: %h is the target host and %p is the port.

ssh -o "ProxyCommand ssh <jump_host> nc %h %p" <target>

Use ssh client configuration

~/.ssh/config

Instead of passing them on the command line, ProxyJump and ProxyCommand can be set in the ssh client configuration file.

Host <connection_name>
  HostName <target_host>
  User <target_user>
  ProxyCommand ssh <jump_host> nc %h %p

For one server

Host target
  HostName 192.168.1.2
  User user1
  ProxyCommand ssh user2@proxy nc %h %p

For all servers

Host * !proxy
  HostName %h
  User target_user
  # ProxyCommand ssh proxy_user@proxy nc %h %p

/etc/ssh/ssh_config

This is the same as the previous example, except that it is a global setting.
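
Added example, not part of the original post: a simplified Python model of how the ssh client resolves the "For all servers" entry, showing why !proxy keeps the inner "ssh proxy_user@proxy" from being proxied through itself and what %h and %p expand to. The sample config is constructed (with the ProxyCommand line active), host_matches and resolve are hypothetical helper names, and real OpenSSH matching has more rules (Match blocks, Include, further tokens).

```python
import fnmatch

# Constructed sample modelled on the page's "For one server" and
# "For all servers" entries; host and user names are placeholders.
SAMPLE_CONFIG = """\
Host db
  HostName 192.168.1.2
  User user1

Host * !proxy
  HostName %h
  User target_user
  ProxyCommand ssh proxy_user@proxy nc %h %p
"""

def host_matches(patterns, alias):
    """A Host line applies if a positive pattern matches and no negated one does."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(alias, pat[1:]):
                return False          # a negated match always excludes the host
        elif fnmatch.fnmatchcase(alias, pat):
            positive = True
    return positive

def resolve(config_text, alias):
    """Return the options applied to `alias`; the first value obtained wins."""
    opts, active = {}, True           # lines before any Host apply to all hosts
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), alias)
        elif active:
            opts.setdefault(key, value)
    opts["hostname"] = opts.get("hostname", alias).replace("%h", alias)
    if "proxycommand" in opts:
        # %h is the final HostName, %p the port, %% a literal percent sign
        cmd = opts["proxycommand"].replace("%%", "\0")
        cmd = cmd.replace("%h", opts["hostname"]).replace("%p", opts.get("port", "22"))
        opts["proxycommand"] = cmd.replace("\0", "%")
    return opts

if __name__ == "__main__":
    for name in ("db", "web1", "proxy"):
        print(name, resolve(SAMPLE_CONFIG, name))
```

To see what the real client resolves for a host without connecting, run ssh -G <target>.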

