A while ago, I wanted to copy some stuff from my laptop to a machine behind a proxying firewall.
Very quickly, I got sick of copying something to the firewall, logging in, then copying to the final machine, so I put together a small ssh proxy script that would log into the firewall for me when I requested the dest machine (sunshine), and then use nc to connect to sunshine.
But, the problem is that sometimes I carry my laptop into the house where ‘sunshine’ lives, so I extended it to become the script ssh-through-fw.
With that script in an appropriate location, I add this to my ~/.ssh/config:
    host sunshine
        ProxyCommand $HOME/.install/bin/ssh-through-fw 192.168.1. user@firewall %h %p
Where 192.168.1. is the prefix of the IP range used in the network behind the firewall.
Now, when I am running remotely, connecting to sunshine happens through the firewall, but when I’m behind the firewall it connects directly to the machine without me thinking about it.
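An added example, not the author's ssh-through-fw script, of a ProxyCommand helper taking the same four arguments as the config line above: it runs nc directly when a local address starts with the given prefix and otherwise runs nc on the firewall over ssh. The function names and the host/port check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the original ssh-through-fw): ProxyCommand helper.
# usage: ssh-through-fw PREFIX USER@FIREWALL HOST PORT

# Print this machine's IPv4 addresses, one per line (Linux ip, else ifconfig).
local_addrs() {
    if command -v ip >/dev/null 2>&1; then
        ip -o -4 addr show | awk '{sub(/\/.*/, "", $4); print $4}'
    else
        ifconfig | awk '$1 == "inet" {sub(/^addr:/, "", $2); print $2}'
    fi
}

# Succeed if any address read from stdin starts with the literal prefix $1.
# The trailing dot in "192.168.1." matters: without it 192.168.10.x matches too.
inside_net() {
    while read -r addr; do
        case "$addr" in "$1"*) return 0 ;; esac
    done
    return 1
}

# Host and port end up on a command line interpreted by the firewall's shell,
# so accept only hostname characters and digits, and no leading dash.
safe_target() {
    case "$1" in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    return 0
}

main() {
    safe_target "$3" "$4" || { echo "refusing target: $3 $4" >&2; exit 1; }
    if local_addrs | inside_net "$1"; then
        exec nc "$3" "$4"              # behind the firewall: connect directly
    else
        exec ssh "$2" nc "$3" "$4"     # outside: let the firewall run nc
    fi
}

# Run only when called the way the ssh config line calls it.
if [ "$#" -eq 4 ]; then main "$@"; fi
```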
Great. I could use this. Sadly there’s no netcat on our gateway. It is FreeBSD 4.11.
Cool. I could compile nc. No netcat but a build system. Clever. Thank you.
Just thought I’d let you be aware of a little utility called connect that works as a ProxyCommand for ssh.
http://zippo.taiyo.co.jp/~gotoh/ssh/connect.html
I’ve been using it at work with the http proxy to tunnel out for a while and it works very nicely.
How about using SSH to create a SOCKS proxy? The -D option is here exactly for that purpose.
You don’t need to use netcat, ssh has the ability to pipe data over the link built in:
cat myfile.txt | ssh -t host 'cat - > myfile.txt'
This can easily be chained together to pipe data from an edge server to an internal one. I use this trick all the time.