[clug] Cool ssh hack
Martin Schwenke
martin at meltin.net
Sun Jun 10 14:56:49 MDT 2012
On Sun, 10 Jun 2012 15:16:04 +1000, Michael Still <mikal at stillhq.com>
wrote:
> I saw this recently, and it's super cool. Perhaps other people would find
> it useful. I have many machines at home, and a single ssh jumphost which
> has external DNS and a routable IP. Here's how I can ssh to an internal
> machine called zii.home.stillhq.com or another machine named
> cat.home.stillhq.com by magic wherever I may be...
>
> $ cat ~/.ssh/config
> Host cat.home zii.home
>     ProxyCommand ssh jumphost.stillhq.com nc -q0 %h %p
>
> So, when I ssh to zii.home.stillhq.com, ssh actually connects to
> jumphost.stillhq.com. It then runs netcat, and pushes ssh traffic to it.
> So, there are two ssh authentications, but because I use key based
> authentication I don't even notice.

If you want a bit more transparency, can identify your network by its
IP range, and are happy to put up with the overhead of an extra netcat
process when at home, then you can do this:

  Host cat zii *.home
      ProxyCommand ssh_proxy_home %h %p

The script ssh_proxy_home looks like this:

  $ cat bin/ssh_proxy_home
  #!/bin/sh
  # ProxyCommand helper: called as "ssh_proxy_home %h %p"
  host=$1
  port=$2

  # Global IPv4 addresses of this machine, as address/prefix-length
  local_ips=$( ip -4 addr show scope global | awk '/inet / {print $2}' )

  case "$local_ips" in
      *192.168.99.*/8*)
          # On the home network: connect directly
          via=''
          ;;
      *)
          # Elsewhere: run netcat on the jumphost
          via='ssh jumphost.stillhq.com'
          ;;
  esac

  # $via is deliberately unquoted so it splits into words (or vanishes)
  exec $via nc -q 5 "$host" "$port"

Then you can do "ssh zii" or "ssh cat" from wherever you are... :-)

I originally got this from Tony Breeds.

peace & happiness,
martin
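
Added example (not part of the post above or of the original script): a variant of the at-home check that tests each local address on its own against the home prefix, with the decision kept in a function that can be exercised offline. The prefix and jumphost name come from the post; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: per-address variant of the at-home check in ssh_proxy_home.
# HOME_NET_PREFIX and JUMPHOST use the values from the post; the function
# names are hypothetical.

HOME_NET_PREFIX='192.168.99.'
JUMPHOST='jumphost.stillhq.com'

# Print this machine's global IPv4 addresses, one "addr/len" per line.
local_addrs() {
    ip -4 addr show scope global | awk '/inet / {print $2}'
}

# at_home ADDRS: succeed if any address in ADDRS starts with the home prefix.
# Each address is tested on its own, so text belonging to a second
# interface can never complete the match.
at_home() {
    for addr in $1; do
        case "$addr" in
            "$HOME_NET_PREFIX"*) return 0 ;;
        esac
    done
    return 1
}

# route_for ADDRS: print "direct" when at home, "jump" otherwise.
route_for() {
    if at_home "$1"; then echo direct; else echo jump; fi
}

# Used as: ProxyCommand ssh_proxy_home %h %p
# Nothing is executed unless exactly two arguments (host, port) are given.
if [ "$#" -eq 2 ]; then
    if [ "$(route_for "$(local_addrs)")" = direct ]; then
        exec nc -q 5 "$1" "$2"
    else
        exec ssh "$JUMPHOST" nc -q 5 "$1" "$2"
    fi
fi
```

A foreign network that happens to use 192.168.99.x also yields "direct", so in that case the connection relies on SSH host key verification to reject whatever answers to that name.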