ssh tunnelling to multiple destinations - how to handle changing server key?
Hello there,
I need to connect to multiple destination hosts within a remote network through one gateway - preferably at the same time. So far, I needed only one destination. I did something like:
Code:
ssh -L 2221:host1:22 user@gateway.remotenetwork.de
Code:
ssh -p 2221 user@localhost
Now, with three target hosts, I thought I could do something like
Code:
ssh -L 2221:host1:22 -L 2222:host2:22 -L 2223:host3:22 user@gateway.remotenetwork.de
Code:
ssh -p 2221 user@localhost
The problem is that host1, host2, host3 have different host keys (and I cannot change that), but appear to be the same host to the ssh client due to the @localhost part of the ssh command. So, to access host1, host2, host3 one after another, I could switch the ~/.ssh/known_hosts file. But that would be cumbersome and would not allow me to access all three destinations at the same time. I cannot open several ssh connections to the gateway and from there log in to the three destinations, because login via ssh is not the only thing I need to do. I also need to do scp, sshfs, and ssh-git, therefore I need a tunneled (but direct from the client's point of view) access to all three destination hosts. Is there a way to make the ssh client distinguish these three destinations (by the local port or so)? Or is there a way to choose a different .ssh directory or known_hosts file for each ssh invocation (without creating multiple users locally)? Or something else?
Thanks in advance,
Kubuntu-man - now using XFCE :-)
check out the ProxyCommand for ssh_config, that's a much nicer way to do what you want. Took me years to discover it, big forehead slap when I read about it.
You can put something like:
Code:
Host *
Quote:
Most of the time I use it to connect to machines which can't be reached directly from the Internet and trust the infrastructure behind the firewall.
sure, but ProxyCommand is even more suitable for that.
Thanks a lot, the ProxyCommand did the job for me too. I needed to search the web for examples to get it working, but now it's fine.
For anyone having the same problem (and finding this thread), here's my ~/.ssh/config:
Code:
Protocol=2
I'll add on here something that can be useful at times. On modern versions of bash, you should have access to /dev/tcp. This can be used to not even require netcat:
Code:
ProxyCommand ssh gatewayserver 'exec 3<>/dev/tcp/%h/22; cat <&3 & cat >&3;kill $!'
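A worked ~/.ssh/config for the setup the thread describes, added here as an example; it is not any poster's own configuration. It assumes the names from the first post (gateway.remotenetwork.de, host1/host2/host3, login name "user") and that the gateway's sshd allows TCP forwarding, which the `ssh -W` form of ProxyCommand relies on (it needs neither netcat nor the /dev/tcp trick on the gateway). The second part shows the other way to solve the known_hosts collision from the first post, keeping the -L port forwards but giving each local port its own host-key identity with HostKeyAlias:

```sshconfig
# ~/.ssh/config  (added example, not the thread author's file)
# Assumed names: gateway.remotenetwork.de, host1, host2, host3, user "user"

Host gateway
    HostName gateway.remotenetwork.de
    User user

# Reach each target through the gateway. The client still connects to the real
# hostname (%h), so host1, host2 and host3 each get their own known_hosts entry
# and a changed key on one of them is reported as a mismatch for that host only.
Host host1 host2 host3
    User user
    ProxyCommand ssh -W %h:%p gateway
    # ProxyJump gateway      # same effect in one line on OpenSSH 7.3 and newer

# Alternative: keep "ssh -L 2221:host1:22 ..." running and give every local
# port its own host-key identity, so the three keys no longer collide under
# "localhost". HostKeyAlias is the name used for the known_hosts lookup.
Host host1-tunnel
    HostName localhost
    Port 2221
    User user
    HostKeyAlias host1
Host host2-tunnel
    HostName localhost
    Port 2222
    User user
    HostKeyAlias host2
Host host3-tunnel
    HostName localhost
    Port 2223
    User user
    HostKeyAlias host3
```

With this in place `ssh host1`, `scp file host2:`, `sshfs host3:/srv mnt` and git over ssh all work at the same time, because every client program resolves the host through the same config. `ssh -G host1` prints the effective options for a name and is a quick way to confirm that the ProxyCommand (or HostKeyAlias) is actually applied before the first connection; keep StrictHostKeyChecking at its default so the first-contact prompt and any later key change are still shown per host.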