ssh login with a tunnel through intermediate server in a single command?

The ProxyCommand is what you need. At my company, all the DevOps techs have to use a "jumpstation" in order to access the rest of the VPC's. The jumpstation is VPN access-controlled.

We've got our SSH config setup to automatically go through the jumpstation automatically.

Here is an edited version of my .ssh/config file:

Host *.internal.company.com
User jacob
IdentityFile ~/.ssh/id_rsa
ProxyCommand ssh -q -A jacob@company-internal-jumphost  nc -q0 %h %p

Every time I do an 'ssh' to a server on that 'internal' subdomain, it will automatically jump through the jumpstation first.

Edit: Here is the entire section of the .ssh/config for the 'Internal' VPC for us to log into it:

# Internal VPC
Host company-internal-jumphost
   Hostname 10.210.x.x  #(edited out IP for security)
   IdentityFile ~/.ssh/id_rsa
Host 10.210.*
   User ubuntu
   IdentityFile ~/.ssh/company-id_rsa
   ProxyCommand ssh -q -A jacob@company-internal-jumphost  nc -q0 %h %p
Host *.internal.company.com
   User jacob
   IdentityFile ~/.ssh/id_rsa
   ProxyCommand ssh -q -A jacob@company-internal-jumphost  nc -q0 %h %p

If OpenSSH 7.3 or later is used then you can use ProxyJump like this:

$ ssh -o ProxyJump=user1@gateway user2@remote

If either user is omitted then the local user is implied.

A variation on the indirect login theme is indirect file transfer. You can use scp and rsync with indirect ssh to copy files through the intermediate server.

To copy through the gateway using scp:

$ scp -oProxyJump=root@gateway myfile user@remote:path

If user is omitted, the local user is used.

The ProxyJump was introduced in OpenSSH 7.3. An alternative is to use ProxyCommand:

$ scp -oProxyCommand="ssh -W %h:%p root@gateway" myfile user@remote:path

To copy through the gateway using rsync:

$ rsync -av -e 'ssh -o "ProxyJump root@gateway"' myfile user@remote@path

Or

$ rsync -av -e 'ssh -o "ProxyCommand ssh -A root@gateway -W %h:%p"' myfile user@remote@path

I paraphrase other answers (on superuser) that cover indirect scp and indirect rsync in more detail.

Tags:

Ssh

Port Forwarding

Ssh Tunneling

Related

How can I delete the 5th word of every line in a file? What's a smart way to count the number of days since X? Bash script: do something one time inside a loop then stop, but continue looping Empty kernel directory but kernel-headers are installed tmux select-pane -LDUR command - disable auto-cycling behavior Why am I getting this message from xauth: "timeout in locking authority file /home/<user>/.Xauthority"? gpg: can't open `–': No such file or directory Gnome desktop environment: how to get it working on OpenBSD? How can I copy three partitions of my disk with a specific beginning and ending using dd? How to launch gedit from terminal and detach it (just like "subl" command works)? strange ssh problem: "open failed: administratively prohibited:" Explanation of % directives in find -printf

Recent Posts