SSH trick

A while ago, I wanted to copy some stuff from my laptop to a machine behind a proxying firewall.

Very quickly, I got sick of copying something to the firewall, logging in, then copying to the final machine, so I put together a small ssh proxy script that would log into the firewall for me when I requested the destination machine (sunshine), and then use nc to connect to sunshine.

But the problem is that sometimes I carry my laptop into the house where ‘sunshine’ lives, so I extended it to become the script ssh-through-fw.

With that script in an appropriate location, I add this to my ~/.ssh/config:

    host sunshine
        ProxyCommand $HOME/.install/bin/ssh-through-fw 192.168.1. user@firewall %h %p

Where 192.168.1. is the prefix of the IP range used in the network behind the firewall.

Now, when I am running remotely, connecting to sunshine happens through the firewall, but when I’m behind the firewall it connects directly to the machine without me thinking about it.
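A sketch of what such a wrapper could look like, added here as an example and not the author's ssh-through-fw script: it connects directly when a local IPv4 address starts with the given prefix, and otherwise runs nc on the firewall over ssh. The function names, the use of ip/ifconfig to list addresses, and the host/port validation are assumptions.

```sh
#!/bin/sh
# Added sketch, not the author's ssh-through-fw script.
# Usage (from ProxyCommand): ssh-through-fw <prefix> <user@firewall> <host> <port>

# Read addresses on stdin; succeed if one starts with prefix $1.
# The trailing dot in "192.168.1." keeps 192.168.10.x from matching.
has_prefix() {
    while read -r addr; do
        case $addr in
            "$1"*) return 0 ;;
        esac
    done
    return 1
}

# Print local IPv4 addresses, one per line (assumes iproute2 or ifconfig).
local_addrs() {
    if command -v ip >/dev/null 2>&1; then
        ip -4 -o addr show | awk '{ sub(/\/.*/, "", $4); print $4 }'
    else
        ifconfig | awk '/inet / { sub(/addr:/, "", $2); print $2 }'
    fi
}

# ssh hands the remote command to a shell on the firewall, so accept only
# plain hostnames/IPv4 and numeric ports (assumption: no IPv6 literals).
valid_target() {
    case $1 in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $2 in ''|*[!0-9]*) return 1 ;; esac
    return 0
}

proxy_main() {
    valid_target "$3" "$4" || { echo "ssh-through-fw: bad host/port" >&2; return 2; }
    if local_addrs | has_prefix "$1"; then
        exec nc "$3" "$4"              # already behind the firewall
    else
        exec ssh "$2" nc "$3" "$4"     # relay through the firewall
    fi
}

# Run only when called with the four ProxyCommand arguments.
if [ "$#" -eq 4 ]; then
    proxy_main "$@"
fi
```

Matching on an address prefix only shows that the laptop is on some network numbered 192.168.1.x, so leave SSH host key checking enabled for sunshine.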

  1. You don’t need to use netcat; ssh has the ability to pipe data over the link built in:

    cat myfile.txt | ssh -t host 'cat - > myfile.txt'

    This can easily be chained together to pipe data from an edge server to an internal one. I use this trick all the time.

