I’ve had problems in the past, where I’ve had so many NAT configurations to get into various machines in my small, home network. Using the ssh ProxyCommand, you can use a single exposed machine to forward your ssh sessions onto any machine in your network.
Obviously, most (if not all) flavours of Linux come with an ssh client included in the basic install, so you can just chuck a little config into ~/.ssh/config and you're done.
In this example, I’ve exposed sshproxy.example.com to the internet on port 22, and I’m going to set up a connection to build.example.local (inside my network):
    Host example-build
        User example
        Hostname build.example.local
        ForwardAgent yes
        ProxyCommand ssh firstname.lastname@example.org nc %h %p
Host is an arbitrary string to describe your connection. You’ll use this as the host value when you run ssh:
User is the username that you use to connect to the host at Hostname.
ProxyCommand is the command you run to create the proxy.
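The same hop with a tighter configuration, as an added example that is not part of the original post. It assumes an OpenSSH client; `proxyuser` is a placeholder for your account on the proxy, and the `example-build-w` alias is made up for the second variant.

```sshconfig
# Added example, not from the original post.
# proxyuser is a placeholder for your account on sshproxy.example.com.

# Variant 1: ProxyJump (OpenSSH 7.3 and later).
# The client opens a forwarded channel through the proxy itself,
# so nc does not need to be installed on the proxy.
Host example-build
    User example
    Hostname build.example.local
    ProxyJump proxyuser@sshproxy.example.com
    # The session to build.example.local is authenticated from your own
    # machine through the tunnel, so your local agent signs directly.
    # Forwarding is only needed if you ssh onward *from* the build host,
    # and while it is on, root on that host can use your agent socket.
    ForwardAgent no

# Variant 2: clients older than 7.3 that still support -W (5.4 and later).
# ssh -W %h:%p does the job of "nc %h %p" without a helper binary.
Host example-build-w
    User example
    Hostname build.example.local
    ProxyCommand ssh -W %h:%p proxyuser@sshproxy.example.com
    ForwardAgent no
```

Run `ssh -G example-build` to print the options the client will actually apply for that alias before you connect.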
You can configure PuTTY the same way by doing this:
- In the session section type this for the host string:
- In Connection:Data enter your username:
- In Connection:Proxy add the proxy settings:
- And finally, allow Agent Forwarding in Connection:SSH:Auth
As long as you have your public key installed on the proxy and the host that you are connecting to, and your key is loaded into Pageant, this will work.
Please note that it is necessary to have public key authentication with the proxy host using this method. It is possible to send the password over to the proxy, but I don’t recommend that at all.