[clug] Cool ssh hack

Martin Schwenke martin at meltin.net
Sun Jun 10 14:56:49 MDT 2012

On Sun, 10 Jun 2012 15:16:04 +1000, Michael Still <mikal at stillhq.com>

> I saw this recently, and its super cool. Perhaps other people would find
> it useful. I have many machines at home, and a single ssh jumphost which
> has external DNS and a routable IP. Here's how I can ssh to an internal
> machine called zii.home.stillhq.com or another machine named
> cat.home.stillhq.com by magic wherever I may be...
> $ cat ~/.ssh/config
> Host cat.home zii.home
>   ProxyCommand ssh jumphost.stillhq.com nc -q0 %h %p
> So, when I ssh to zii.home.stillhq.com, ssh actually connects to
> jumphost.stillhq.com. It then runs netcat, and pushes ssh traffic to it.
> So, there are two ssh authentications, but because I use key based
> authentication I don't even notice.

If you want a bit more transparency, can identify your network by its
IP range, and are happy to put up with the overhead of an extra netcat
process when at home, then you can do this:

Host    cat zii *.home
        ProxyCommand            ssh_proxy_home %h %p

The script ssh_proxy_home looks like this:

$ cat bin/ssh_proxy_home


local_ips=$( ip -4 addr show scope global | awk '/inet / {print $2}' )

case "$local_ips" in
	via='ssh jumphost.stillhq.com'

exec $via nc -q 5 $host $port

Then you can can do "ssh zii" or "ssh cat" from wherever you are...  :-)

I originally got this from Tony Breeds.

peace & happiness,

More information about the linux mailing list