SSH connecting chaining and forwarding
To connect to a second SSH server through an intermediate SSH server, any of the following methods can be used:
Connect to the first server and then connect to the second server from its shell
- In this case two different ssh commands are required.
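- If files need to be copied from the current machine to the second server, they have to be copied to the middle server first, and from there to the destination.
- If the identity of the current workstation needs to be used on the second server, then agent forwarding (-A) needs to be enabled. While that session is open, anyone with root access on the middle server can use the forwarded agent to authenticate as that identity.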
[root@laptop ~]# ssh root@machine1
...
[root@machine1 ~]# ssh root@machine2
...
[root@machine2 ~]#
Use the second ssh command as an argument to the first ssh command
- In this case a single ssh command connects to the second server directly.
- But even in this case file copying will not be very convenient.
[root@laptop ~]# ssh -t root@machine1 ssh root@machine2
...
[root@machine2 ~]#
Use the ssh ProxyCommand option in the /etc/ssh/ssh_config or ~/.ssh/config configuration file
For this, use a configuration similar to:
Host machine2
    ProxyCommand ssh root@machine1 nc machine2 22
Note that this configuration assumes the package 'nc' is installed on machine1.
- In this case we can connect to machine2 directly, and the use of machine1 as middle-man is transparent.
- Since the SSH handshake happens directly between laptop and machine2 (machine1 only relays the encrypted stream), we do not need agent forwarding.
- Copying files from laptop to machine2 also works directly (through machine1 as middle-man).
[root@laptop ~]# ssh root@machine2
...
[root@machine2 ~]#
Further, if SSH connection multiplexing using the ControlMaster and ControlPath options is also configured (explained at Sharing multiple ssh connections), then additional channels to machine2 will be much faster because they reuse the same parent connection.
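The ProxyCommand and multiplexing setup described above, combined in one ~/.ssh/config for laptop. This is an added example, not configuration from the original page: it goes slightly beyond the text by using ssh -W in place of nc, and the socket path and the 10m persistence value are assumptions made for this example.

```sshconfig
# Added example for ~/.ssh/config on laptop (not from the original page).
# Host names machine1/machine2 and user root are the page's; the socket
# path and the ControlPersist value are assumptions of this example.

Host machine1
    User root
    # Keep the agent off the hop: root on machine1 could otherwise use it.
    ForwardAgent no

Host machine2
    User root
    # ssh -W asks machine1's sshd to relay stdin/stdout to machine2:22,
    # so 'nc' does not have to be installed on machine1. machine1 must
    # permit TCP forwarding (AllowTcpForwarding in its sshd_config).
    ProxyCommand ssh -W %h:%p machine1
    # On OpenSSH 7.3 or later the line above can be replaced by:
    #   ProxyJump machine1
    # The handshake is end to end with machine2, so no agent is needed there.
    ForwardAgent no

Host machine1 machine2
    # Multiplexing: the first connection becomes the master; later ssh,
    # scp and sftp sessions open as channels on it without a new handshake.
    ControlMaster auto
    # Keep the sockets in a directory only this user can access.
    ControlPath ~/.ssh/cm-%r@%h:%p
    # Close an idle master after 10 minutes instead of leaving it open.
    ControlPersist 10m
```

Anyone who can open the ControlPath socket can start sessions on the existing connection without authenticating again, so ~/.ssh should stay at mode 0700.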
Steps learned from http://sshmenu.sourceforge.net/articles/transparent-mulithop.html