

Transparent Multi-Hop SSH - notmyname
http://sshmenu.sourceforge.net/articles/transparent-mulithop.html

======
ams6110
I do this to access work machines from home. The only problem with the
technique is that some organizations and malware detection software consider
netcat to be a "hacking" tool and remove it. This is particularly common on
Windows servers.

Newer OpenSSH has a netcat mode built-in
[http://blog.rootshell.be/2010/03/08/openssh-new-feature-
netc...](http://blog.rootshell.be/2010/03/08/openssh-new-feature-netcat-mode/)

~~~
sciurus
With -W, the articles examples could be rewritten to

    
    
      Host ruapehu
        HostName ruapehu.example.com
    
      Host aoraki
        ProxyCommand ssh -W %h:%p ruapehu
    
      Host tongariro
        ProxyCommand ssh -W %h:%p aoraki

------
zobzu
Non listed stuff (its funny that the ssh "supertrick" comes up every week on
HN, i guess i should copy past this post):

* the other advantage is "not forwarding the agent" which is more secure

* using control socket can be annoying because of the way it closes / is opened in certain conditions

* ssh -W saves a nc command

* the % hack does not work in all conditions, only for simple constructs

It would be nice to have this stuff just work native in SSH to avoid all the
issues, and more reliable control socket release.

i've been using a script adding the entries to .ssh/config for many years and
enable control socket manually when i know i want it, but all this is quite
cumbersome, even if its still better and less annoying than ssh -A.

------
a3_nm
There is a hack that you can put in your ssh config file to be able to write
ssh gateway%host and have it transparently perfom the hop. See
<http://news.ycombinator.com/item?id=3545370>

------
ryan-c
I wrote a tool to do proxy based host chaining a last year. It has support for
some more complicated things such as different usernames and/or ports per
host. It will also autodetect whether ssh -W works ane fall back to remote
netcat if not.

<https://github.com/ryancdotorg/ssh-chain>

------
DEinspanjer
I use bash functions with ssh -t because, for some reason, on OSX, the
ProxyCommand doesn't properly do pubkey authentication for me. Even when I
explicitly set ForwardAgent or -A. :/

------
vigo
nice

