
What is more, you can specify an abstraction for the tedious double-ssh where you first connect to some internet-facing host in order to gain access to an internal machine:

    Host $ALIAS
        User $USER
        HostName $INTERNAL
        ProxyCommand ssh $USER2@$PUBLIC -W %h:%p

Now

    laptop> ssh [email protected]
    public> ssh dev@myworkstation

becomes

    laptop> ssh work

(I just realized that this slightly confused article seems to accomplish the same by using a convoluted setup of port-forwardings and netcat.)



The ssh -W option -- which replaces netcat -- is relatively new. E.g. Red Hat 5.x did not have it, nor did Ubuntu 10.04 LTS. Until OpenSSH 5.4 netcat was the way to do this sort of proxying.


I ran into an issue[1] with the combination of -W and ControlPersist -- using OpenSSH versions < 6.0.

netcat worked fine.

  [1]: https://news.ycombinator.com/item?id=4678117


And if your router keeps dropping idle connections, add something like:

    ServerAliveInterval 240
    ServerAliveCountMax 5


Can help on mobile (3G/4G) connections too.


> (I just realized that this slightly confused article seems to accomplish the same by using a convoluted setup of port-forwardings and netcat.)

Yeah, the article sets separately first

    Host bar
      ...

and then

    Host behind.bar
      ...

But it can also be done in just one step:

    host behindbar
      User         <user-behindbar>
      Hostname     behindbar.___domain
      ProxyCommand ssh <user-bar>@bar.___domain nc %h %p 2> /dev/null
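
Added example, not part of any comment in this thread: a shell function that emits the jump-host stanza discussed above, using `ssh -W` when the local client reports OpenSSH 5.4 or later (the threshold given in the thread) and `nc` on the jump host otherwise. The function names, the banner strings, `jumpuser` and `public.example.com` are constructed for illustration.

```shell
#!/bin/sh
# Added example. The 5.4 threshold for "ssh -W" is the one stated in the thread.

# supports_W BANNER: 0 if BANNER (as printed by `ssh -V`) is OpenSSH >= 5.4,
# 1 if it is older, 2 if the version cannot be parsed.
supports_W() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver                       # $1 = major, $2 = minor
    [ "$1" -gt 5 ] || { [ "$1" -eq 5 ] && [ "$2" -ge 4 ]; }
}

# emit_stanza ALIAS USER INTERNAL JUMPUSER PUBLIC BANNER
# Prints an ssh_config stanza that reaches INTERNAL through PUBLIC.
emit_stanza() {
    # ProxyCommand is executed by the user's shell, so every name that ends
    # up in it is restricted to a conservative character set.
    for arg in "$1" "$2" "$3" "$4" "$5"; do
        case $arg in
            ''|*[!A-Za-z0-9._-]*) echo "unsafe value: $arg" >&2; return 1 ;;
        esac
    done
    rc=0; supports_W "$6" || rc=$?
    case $rc in
        0) proxy="ssh $4@$5 -W %h:%p" ;;   # client-side stdio forwarding
        1) proxy="ssh $4@$5 nc %h %p" ;;   # older client: netcat on the jump host
        *) echo "cannot parse ssh version: $6" >&2; return 1 ;;
    esac
    printf 'Host %s\n    User %s\n    HostName %s\n    ProxyCommand %s\n' \
        "$1" "$2" "$3" "$proxy"
}

# Constructed banners standing in for the output of `ssh -V 2>&1`.
emit_stanza work dev myworkstation jumpuser public.example.com "OpenSSH_5.3p1, OpenSSL 0.9.8e"
emit_stanza work dev myworkstation jumpuser public.example.com "OpenSSH_6.6p1, OpenSSL 1.0.1f"
```

On a real machine the last argument would be `"$(ssh -V 2>&1)"`, and the output would be appended to `~/.ssh/config` after review.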


I use autossh[1] to keep a tunnel open in the background to $PUBLIC which lets me connect faster to $INTERNAL.

[1] http://www.harding.motd.ca/autossh/



