We wanted to be able to ssh into some machines behind a firewall, so we set up a jumpbox and had the firewall forward all inbound traffic on port 22 to it.
Initially, SSHing to a machine inside the network was a two-step process:
```shell
$ ssh jumpbox
# now on the jumpbox
$ ssh internal-network-machine
```
We put the following into ~/.ssh/config:
```
Host jumpbox jumpbox-ip
  Hostname jumpbox-ip
  User user
  IdentityFile ~/.ssh/id_rsa
  ProxyCommand none

Host internal-network-machine
  Hostname internal-network-machine-ip

Host 10.*
  User ubuntu
  ProxyCommand ssh jumpbox exec nc -w 9000 %h %p
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
```

A few things are worth knowing about this config. The jumpbox block carries ProxyCommand none so that the ssh jumpbox spawned by the ProxyCommand connects directly instead of trying to proxy itself. Host patterns are matched against the name you type on the command line, not against the address that Hostname maps it to, so the 10.* block applies when you run ssh 10.x.y.z; an alias such as internal-network-machine only picks up the proxy settings if it is listed in that Host line as well (or is given its own ProxyCommand). The last two lines are the part to be careful with: UserKnownHostsFile /dev/null together with StrictHostKeyChecking no switches off host key verification for every internal host, so a changed or spoofed key on the far side of the jumpbox is accepted silently. Unless addresses really are reused across rebuilt machines, leave StrictHostKeyChecking at its default (or set it to accept-new on OpenSSH 7.6 and later) and point UserKnownHostsFile at a real file. On OpenSSH 5.4 and later, ProxyCommand ssh -W %h:%p jumpbox does the same job without needing nc on the jumpbox, and on 7.3 and later ProxyJump jumpbox (or ssh -J jumpbox on the command line) replaces the whole ProxyCommand line.
The -w 9000 option is netcat's timeout: 9000 seconds, i.e. 2 1/2 hours, after which an idle (orphaned) connection on the jumpbox is closed instead of lingering indefinitely.
%h and %p are expanded by ssh to the target host (after the Hostname directive has been applied) and port, so in this case %h becomes internal-network-machine-ip and %p is 22.
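To make the Host-matching and first-value-wins rules concrete, here is an added example (my code, not code from the original post) that resolves a config the way OpenSSH does, expands %h and %p in the ProxyCommand, and reports hosts whose host key verification is switched off. It also resolves a hardened variant that uses ssh -W and a pinned known_hosts file. The addresses 203.0.113.10 and 10.0.0.5 stand in for jumpbox-ip and internal-network-machine-ip and are assumptions, as is the ~/.ssh/known_hosts_internal path; only the keywords used in the post's config are handled.

```python
"""Resolve an ssh_config like OpenSSH does and flag disabled host key checks.
Added example, not code from the post; addresses and paths below are made up."""
import fnmatch
import re

# Constructed sample: the post's config with assumed addresses filled in
# (jumpbox-ip -> 203.0.113.10, internal-network-machine-ip -> 10.0.0.5).
POST_CONFIG = """\
Host jumpbox 203.0.113.10
  Hostname 203.0.113.10
  User user
  IdentityFile ~/.ssh/id_rsa
  ProxyCommand none

Host internal-network-machine
  Hostname 10.0.0.5

Host 10.*
  User ubuntu
  ProxyCommand ssh jumpbox exec nc -w 9000 %h %p
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
"""

# Same reachability, host keys still verified: ssh -W replaces nc, the alias
# is listed in the proxied Host line, and keys are pinned in a real file.
HARDENED_CONFIG = """\
Host jumpbox 203.0.113.10
  Hostname 203.0.113.10
  User user
  ProxyCommand none

Host internal-network-machine
  Hostname 10.0.0.5

Host internal-network-machine 10.*
  User ubuntu
  ProxyCommand ssh -W %h:%p jumpbox
  UserKnownHostsFile ~/.ssh/known_hosts_internal
"""


def parse_ssh_config(text):
    """Split the file into (host_patterns, options) stanzas; options before
    the first Host line apply to every host.  Keywords are lower-cased."""
    stanzas = [(["*"], {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        keyword, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if keyword == "host":
            stanzas.append((value.split(), {}))
        else:
            stanzas[-1][1].setdefault(keyword, value)  # first one in a stanza stands
    return stanzas


def host_matches(patterns, host):
    """OpenSSH rule: a matching negated pattern (!x) vetoes the whole Host
    line; otherwise any matching positive pattern selects it."""
    selected = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            selected = True
    return selected


def expand_tokens(command, opts):
    """Expand %h (remote host, after Hostname), %p (port) and %% in a ProxyCommand."""
    table = {"h": opts["hostname"], "p": opts["port"], "%": "%"}
    return re.sub(r"%([hp%])", lambda m: table[m.group(1)], command)


def resolve(text, host, port=22):
    """Effective options for `ssh host`: patterns are matched against the name
    typed on the command line, and the first value obtained per keyword wins."""
    opts = {}
    for patterns, kv in parse_ssh_config(text):
        if host_matches(patterns, host):
            for key, value in kv.items():
                opts.setdefault(key, value)
    opts.setdefault("hostname", host)
    opts.setdefault("port", str(port))
    opts.setdefault("stricthostkeychecking", "ask")          # OpenSSH defaults
    opts.setdefault("userknownhostsfile", "~/.ssh/known_hosts")
    if opts.get("proxycommand", "none") == "none":
        opts.pop("proxycommand", None)                       # direct connection
    else:
        opts["proxycommand"] = expand_tokens(opts["proxycommand"], opts)
    return opts


def host_key_findings(opts):
    """Reasons a resolved host would accept any server key without complaint."""
    findings = []
    if opts["stricthostkeychecking"] == "no":
        findings.append("StrictHostKeyChecking no: new and CHANGED keys are accepted silently")
    if opts["userknownhostsfile"] == "/dev/null":
        findings.append("UserKnownHostsFile /dev/null: no key is ever pinned")
    return findings


if __name__ == "__main__":
    for name, cfg in (("post", POST_CONFIG), ("hardened", HARDENED_CONFIG)):
        for target in ("jumpbox", "internal-network-machine", "10.0.0.5"):
            o = resolve(cfg, target)
            print(f"[{name}] ssh {target} -> {o.get('user', '<login>')}@{o['hostname']}"
                  f" via {o.get('proxycommand', 'direct')}")
            for finding in host_key_findings(o):
                print("    !", finding)
```

Running it shows that with the post's config ssh 10.0.0.5 gets the ubuntu user, the nc ProxyCommand and two host key findings, while ssh internal-network-machine gets only the Hostname and no proxy at all, because the 10.* pattern never sees the alias; the hardened config proxies both names and raises no findings.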
We can then just do the following to ssh into the machine:
Which is pretty neat!