SSH connection chaining and forwarding


There is an updated article on SSH client tips and tricks at CentOS 8.x SSH client tips and tricks.

To connect to a second SSH server through a middle SSH server, the following methods can be used:

Connect to first server and then using shell connect to second server

  • In this case two separate ssh commands are required.
  • If files need to be copied from the current machine to the second server, they have to be copied to the middle server first and then on to the destination.
  • If the identity of the current workstation needs to be used on the second server, then agent forwarding (-A) needs to be enabled.
	[root@laptop ~]#ssh root@machine1
	...
	[root@machine1 ~]#ssh root@machine2
	...
	[root@machine2 ~]


Use the second ssh command as the argument of the first ssh command

  • In this case a single ssh command connects to the second server directly.
  • But even in this case file copying will not be very convenient.
	[root@laptop ~]#ssh -t root@machine1 ssh root@machine2
	...
	[root@machine2 ~]


Use of ssh ProxyCommand option in /etc/ssh/ssh_config or ~/.ssh/config configuration file

For this, use a configuration similar to:

       Host machine2
            ProxyCommand ssh root@machine1 nc machine2 22

Note that this configuration assumes that the 'nc' package is installed on machine1.

  • In this case we can connect to machine2 directly, and the use of machine1 as middle-man is transparent.
  • Since the SSH handshake happens directly between laptop and machine2, we do not need agent forwarding.
  • Copying files from laptop to machine2 also works directly (through machine1 as middle-man).
	[root@laptop ~]# ssh root@machine2
	...
	[root@machine2 ~]  

Further, if SSH connection multiplexing using the ControlMaster and ControlPath options is also configured (explained at Sharing multiple ssh connections), then additional channels to machine2 will open much faster because they reuse the same parent connection.
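The ProxyCommand and multiplexing settings described above, combined into one ~/.ssh/config for the laptop. This is an added example, not configuration from the original article; the host names are the article's, while the User lines, the ControlPath location and the explicit ForwardAgent settings are assumptions.

```sshconfig
# ~/.ssh/config on the laptop (added example, not from the original article)

# Middle server, reached directly.
Host machine1
    User root
    # The agent stays on the laptop. With forwarding enabled, anyone with
    # root on machine1 could use the loaded keys while the session is open.
    ForwardAgent no

# Destination, tunnelled through machine1. The SSH handshake and host key
# check are end-to-end between the laptop and machine2.
Host machine2
    User root
    # %h and %p expand to the target host name and port.
    ProxyCommand ssh machine1 nc %h %p
    # Clients running OpenSSH 5.4 or later can drop the nc dependency on machine1:
    # ProxyCommand ssh -W %h:%p machine1
    ForwardAgent no
    # Reuse one authenticated connection for later ssh/scp/sftp sessions.
    ControlMaster auto
    # Assumed location. Keep the socket in a directory only the user can
    # access (~/.ssh is normally mode 700): any process that can open the
    # socket gets a session on machine2 without authenticating again.
    ControlPath ~/.ssh/cm-%r@%h:%p
```

With this in place, `scp file machine2:` and `ssh machine2` work from the laptop without naming machine1 on the command line.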

Steps learned from http://sshmenu.sourceforge.net/articles/transparent-mulithop.html


