Difference between revisions of "SSH connection chaining and forwarding"

From Notes_Wiki
m
m
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
<yambe:breadcrumb>OpenSSH_server_configuration|OpenSSH</yambe:breadcrumb>
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[OpenSSH server configuration]] > [[SSH connection chaining and forwarding]]
=SSH connecting chaining and forwarding=


'''There is updated article on SSH client tips and tricks at [[CentOS 8.x SSH client tips and tricks]]'''
'''There is updated article on SSH client tips and tricks at [[CentOS 8.x SSH client tips and tricks]]'''
Line 54: Line 53:


Steps learned from http://sshmenu.sourceforge.net/articles/transparent-mulithop.html
Steps learned from http://sshmenu.sourceforge.net/articles/transparent-mulithop.html
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[OpenSSH server configuration]] > [[SSH connection chaining and forwarding]]

Latest revision as of 09:43, 14 July 2022

Home > CentOS > CentOS 6.x > OpenSSH server configuration > SSH connection chaining and forwarding

There is updated article on SSH client tips and tricks at CentOS 8.x SSH client tips and tricks

To connect to a second SSH server using a middle ssh server following different methods can be used:

Connect to first server and then using shell connect to second server

  • In this case two different ssh commands are required.
  • If files need to be copied from current machine to second server then they would have to be copied to middle server before they can be copied to destination.
  • If identity of current workstatation needs to be used on second server then agent forwarding (-A) needs to be enabled
	[root@laptop ~]#ssh root@machine1
	...
        [root@machine1 ~]#ssh root@machine2
	...
	[root@machine2 ~]


Use ssh second ssh command as argument for first ssh command

  • In this case one single ssh command will allow to connect to second server directly.
  • But even in this case file copying will not be very convinient.
	[root@laptop ~]#ssh -t root@machine1 ssh root@machine2
	...
	[root@machine2 ~]


Use of ssh ProxyCommand option in /etc/ssh/ssh_config or ~/.ssh/config configuration file

For this use configuration similar to:

       Host machine2
            ProxyCommand ssh root@machine1 nc machine2 22

Note that this configuration assumes package 'nc' is installed on machine1

  • In this case we can directly connect to machine2 and use of machine1 as middle-man is transparent
  • Since direct SSH handshake will happen between laptop and machine2, we do not need agent forwarding
  • Copying of files from laptop to machine2 will also work directly (through machine1 as middle man)
	[root@laptop ~]# ssh root@machine2
	...
	[root@machine2 ~]  

Futher if SSH connection multiplexing using ControlMaster and ControlPath options is also configured (Explained at Sharing multiple ssh connections) then additional channels to machine2 will be much faster by use of same parent connection.

Steps learned from http://sshmenu.sourceforge.net/articles/transparent-mulithop.html



Home > CentOS > CentOS 6.x > OpenSSH server configuration > SSH connection chaining and forwarding