Automatic connection of SSH through a proxy

How do you automatically configure the use of a proxy for certain SSH connections, e.g. to use a static IP within a company network from the home office?

If you want to establish an SSH connection to a server that has an IP filter, for example, you can do this via a so-called proxy.

Client -> SSH -> Proxy server -> SSH -> Target server

 

# Step 1 ssh (e.g. via vpn) to a server within the company network
ssh userlocal@192.168.178.199
 
# Step 2: After connecting to the corporate server, open another SSH connection to the IP-protected target server
ssh remote@someexternaldomain.com -p 25426

 

This procedure is quite cumbersome and not something you want to repeat several times a day. Especially not if there are multiple target servers.

MacOS and Linux offer a comfortable and fast workaround for such problems. To do this, create the following file in the home directory /Users/myusername/.ssh/config

In this file presets for SSH connections can be stored. A simple example looks like this

 

Host server1
    HostName myexternalserver.com
    Port 25426
    User remote

 

This configset can be used as follows

 

# "conventional" method (without preset)
ssh remote@myexternalserver.com -p 25426
 
# using the preset (.ssh/config)
ssh server1

 

Now we extend the above example and add a proxy:

 

Host server1
    HostName myexternalserver.com
    Port 25426
    User remote
   ProxyCommand ssh userlocal@192.168.178.199 -W %h:%p

 

The shortcut is used as before:

 

# Connection to server1 via proxy
ssh server1

 

Now whenever you type "ssh server1" in the terminal, an SSH connection is established to the proxy 192.168.178.199 and from there to the server myexternalserver.com.

For this procedure to work without entering passwords, a working authentication via public / private keys is assumed. The use of passwords is considered insecure and is not recommended.

prev Server monitoring with Prometheus and Grafana
next Automatic connection of SSH through a proxy