Automatic connection of SSH through a proxy
How do you automatically configure the use of a proxy for certain SSH connections, e.g. to use a static IP within a company network from the home office?
If you want to establish an SSH connection to a server that has an IP filter, for example, you can do this via a so-called proxy.
Client -> SSH -> Proxy server -> SSH -> Target server
# Step 1 ssh (e.g. via vpn) to a server within the company network ssh userlocal@192.168.178.199 # Step 2: After connecting to the corporate server, open another SSH connection to the IP-protected target server ssh remote@someexternaldomain.com -p 25426
This procedure is quite cumbersome and not something you want to repeat several times a day. Especially not if there are multiple target servers.
MacOS and Linux offer a comfortable and fast workaround for such problems. To do this, create the following file in the home directory /Users/myusername/.ssh/config
In this file presets for SSH connections can be stored. A simple example looks like this
Host server1 HostName myexternalserver.com Port 25426 User remote
This configset can be used as follows
# "conventional" method (without preset) ssh remote@myexternalserver.com -p 25426 # using the preset (.ssh/config) ssh server1
Now we extend the above example and add a proxy:
Host server1 HostName myexternalserver.com Port 25426 User remote ProxyCommand ssh userlocal@192.168.178.199 -W %h:%p
The shortcut is used as before:
# Connection to server1 via proxy ssh server1
Now whenever you type "ssh server1" in the terminal, an SSH connection is established to the proxy 192.168.178.199 and from there to the server myexternalserver.com.
For this procedure to work without entering passwords, a working authentication via public / private keys is assumed. The use of passwords is considered insecure and is not recommended.