Skip to main content

Wade Armstrong

You Should Switch to ProxyCommmand With SSH #

SSH forwarding is great, but ProxyCommand lets you actually script how to make multiple jumps to get to a box.

To set it up, do the following:

  1. Copy your public key to all the places you want it
  1. On your laptop, create a file that looks like the following file at .ssh/config
Host foo
User warmstrong

Host automation
User warmstrong

Host jump #this creates a host aliased to "jump", now you can "ssh jump"
Hostname jumpbox.dom
User warmstrong
ProxyCommand ssh -q -W %h:%p foo #This means "ssh to this box using foo"

Host admin.other.dom
User warmstrong
ProxyCommand ssh -q -W %h:%p foo #Using the Hostname(%h) and Port(%p) you're using anyway, and passing stdio directly through(-W) but hiding errors(-q)

Host uat
User warmstrong
Hostname uat01.dom
ProxyCommand ssh -q -W %h:%p jump #Note that you're using the named jump box above to go here

Host logrepo
User warmstrong
Hostname logrepo.dom
ProxyCommand ssh -q -W %h:%p jump #SSH will resolve everything in the chain, so it figures out you need jump, jump needs foo, and does all those sshes to get there

Host static-server
User warmstrong
Hostname static.yourdomain.dom
ProxyCommand ssh -q -W %h:%p jump #Fun fact, -W means that this works for scp as well as ssh
  1. You can now ssh directly to uat, logrepo, etc. without hitting multiple jump boxen.