Re: Examples of ProxyCommand?



On 27.04.12 03:47, ghand wrote:
> As a test to find some examples of using ProxyCommand, I tried
>
> ProxyCommand nc %h %p
>
> that seemed to make no change I could see..


Why do you think you need ProxyCommand? Usually this is needed if you
have to connect to a host which is not directly reachable.

So let's assume you have a client computer C, with ssh installed.

Let's assume there is a second computer H, the host running sshd, which
is standing behind a firewall and cannot be reached directly by C.

Connecting from C to H is possible, if there is an intermediate Host IH
with an sshd, to which you can connect from C, and which can connect to
H. The simplest way would be something like

ssh IHUser@IH

and then, from IH:

ssh HUser@H

where IHUser is a valid user at the intermediate Host IH and HUser is a
valid user at host H.

You could also reach this by the one command

ssh -At IHUser@IH ssh HUser@H

when PubkeyAuthentication is set up correctly on host IH and H and you
use the same public key on host IH and H. But how do you set up a tunnel
from C to H? There is a third possibility (and there are further
possibilities, too):

ssh -oProxyCommand="ssh IHUser@IH nc %h %p" HUser@H

This gives you a connection from C to H, and you can set up a tunnel:

ssh -L 8080:localhost:80 -oProxyCommand="ssh IHUser@IH nc %h %p" HUser@H

assuming there is a http-server listening at port 80 on host H.

Of course, there has to be nc at the intermediate host IH for this to
work. To understand how this works, you should read
man 5 ssh_config (look for ProxyCommand)
and
man ssh (look for -o)

If everything works as expected, you can put the correct ProxyCommand
into ~/.ssh/config

(But if you just need a tunnel from C to H, you could simply run

ssh -L 8080:H:80 IHUser@IH

so I am not sure you really need ProxyCommand at all)

Wolfgang
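
The ~/.ssh/config form of the commands in the post above, as an added example that is not part of the original message. C, IH, H, IHUser and HUser are the post's placeholder names; the commented-out `-W` line is an alternative the post does not mention.

```sshconfig
# ~/.ssh/config on client C (constructed example; IH and H are placeholders)

Host IH
    User IHUser

Host H
    User HUser
    # ssh on C runs this command and speaks the SSH protocol to H over its
    # stdin/stdout. %h and %p expand to the target name and port (H, 22).
    # The name H is resolved by nc on IH, so it must be resolvable there.
    ProxyCommand ssh IHUser@IH nc %h %p
    # Same tunnel as "-L 8080:localhost:80": "localhost" is evaluated on H.
    LocalForward 8080 localhost:80
    # If IH has no nc, the ssh client on C can ask IH's sshd to open the
    # TCP connection itself (OpenSSH 5.4 or later, TCP forwarding allowed on IH):
    # ProxyCommand ssh -W %h:%p IHUser@IH
```

With this in place, `ssh H` on C opens the proxied connection and the port forward. The SSH session to H terminates on C, so C checks H's host key itself and IH only relays encrypted traffic, with no agent forwarding to IH as in the `ssh -At` variant.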