Forward SSH traffic through a middle machine


SSH tunneling is very confusing to me. I am wondering if I can do this in Linux.

I have 3 machines:

A. My local machine at home.
B. Machine at work that I can SSH into (middle man).
C. My desktop at work that I can only SSH into from machine B.

So I can SSH from A -> B and from B -> C, but not from A -> C.

Is there a way to set up an SSH tunnel from A through B, so when I run other SSH commands they just work from my local machine A? I am basically trying to clone a git repo from work to home (and I cannot install git on machine B).

Also, once set up, how would I unset it as well?

Best Answer

Place this in your .ssh/config file on hostA (see man 5 ssh_config for details):

# .ssh/config on hostA:
Host hostC
    ProxyCommand ssh hostB -W %h:%p

Now the following command will automatically tunnel through hostB:

hostA:~$ ssh hostC

You may like to add options like -oCiphers=arcfour and -oClearAllForwardings=yes to speed things up, since wrapping ssh inside ssh is computationally more expensive and the extra effort and the wrapper doesn't need to be as secure when it's tunneling already-encrypted traffic.


If you are using OpenSSH earlier than 5.3, the -W option is not available. In this case you can implement the above using netcat (nc):

ProxyCommand ssh hostB nc %h %p  # or netcat or whatever you have on hostB
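
The question also asks how to unset the tunnel once it is set up. The script below is an added example, not part of the original answer: it appends the answer's Host hostC block to an ssh config file between marker comments and removes it again. The marker text, the function names and the repository path are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original answer): enable and remove the hostC
# jump block in an ssh config file. hostB/hostC and the ProxyCommand line are
# from the page; marker text and function names are assumptions.
# The answer's -oCiphers=arcfour option is left out on purpose: OpenSSH 7.6
# and later no longer support arcfour.

BEGIN_MARK='# >>> hostC-via-hostB (managed block)'
END_MARK='# <<< hostC-via-hostB (managed block)'

# tunnel_enabled FILE: exit status 0 if the managed block is present.
tunnel_enabled() {
    [ -f "$1" ] && grep -qxF "$BEGIN_MARK" "$1"
}

# enable_tunnel FILE: append the block once; safe to call repeatedly.
enable_tunnel() {
    cfg=$1
    if tunnel_enabled "$cfg"; then return 0; fi
    mkdir -p "$(dirname "$cfg")"
    (
        umask 077   # new config is private; ssh refuses one others can write
        # Start on a fresh line if the file does not end with a newline.
        if [ -s "$cfg" ] && [ -n "$(tail -c 1 "$cfg")" ]; then echo >> "$cfg"; fi
        {
            printf '%s\n' "$BEGIN_MARK"
            printf 'Host hostC\n'
            printf '    ProxyCommand ssh hostB -W %%h:%%p\n'
            printf '%s\n' "$END_MARK"
        } >> "$cfg"
    )
}

# disable_tunnel FILE: delete only the managed block, keep everything else.
disable_tunnel() {
    cfg=$1
    if ! tunnel_enabled "$cfg"; then return 0; fi
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip
    ' "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# Typical session on hostA (repository path is a placeholder):
#   enable_tunnel "$HOME/.ssh/config"
#   git clone ssh://hostC/path/to/repo.git
#   disable_tunnel "$HOME/.ssh/config"
```

Because only the lines between the two markers are removed, any other Host entries already in the file are left as they were.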