How to get your ssh client to connect via a proxy host.

OpenSSH on Unix

  • Generate SSH keys.
$ ssh-keygen -t rsa -b 2048 -C "pid@vt.edu"
  • Your config file is ~/.ssh/config.
  • Add your key to the SSH agent.
$ ssh-add -l
The agent has no identities.
$ ssh-add .ssh/your-ssh-key
Enter passphrase for .ssh/your-ssh-key: 
Identity added: .ssh/your-ssh-key (.ssh/your-ssh-key)
$ ssh-add -l
2048 SHA256:... .ssh/your-ssh-key (RSA)
  • Using SSH keys and agent forwarding will make your life a lot easier.
# In this example, ssh-gateway.cns.vt.edu is the host you wish to proxy through.
#
# First, we connect to the proxy directly
# The * in the name below allows for the .ipv4 and .ipv6 host names
Host ssh-gw.cns.*vt.edu
  ProxyCommand none
#
# Add other direct connect hosts in cns.vt.edu here
#
#
# Proxy all other cns hosts
Host *.cns.*vt.edu
  ProxyJump user@ssh-gw.cns.vt.edu:22
#
# If you just want to proxy the OOB network
#
Host *.oob.cns.*vt.edu
  ProxyJump user@ssh-gw.cns.vt.edu:22
#
# Proxy all other nis hosts
Host *.nis.*vt.edu
  ProxyJump user@ssh-gw.cns.vt.edu:22
#
# If you always need to use your own login on the gateway and a shared login on the destination
# (ssh <shared-user>@device.oob.cns.vt.edu works for occasional use)
#
Host *.oob.cns.*vt.edu
  User admin
  ProxyJump user@ssh-gw.cns.vt.edu:22
#
# Setting up agent forwarding
#
Host ssh-gw.cns.vt.edu
  ForwardAgent yes
  • Add your public key to the authorized_keys file of the ssh-gateway you will proxy through.
$ ssh-copy-id -i ~/.ssh/your-ssh-key.pub user@ssh-gw.cns.vt.edu
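
The config above depends on block order: ssh_config keeps the first value obtained for each option, and ProxyJump and ProxyCommand compete, so the gateway's "ProxyCommand none" block has to come before the *.cns.*vt.edu block. The following is an added example, not part of the original page, that models only that resolution over a trimmed copy of the page's Host blocks; the host names sw1.oob.cns.vt.edu and ssh-gw.cns.ipv6.vt.edu are constructed, and Match, Include and negated patterns are not handled.

```python
import re

# Constructed sample: a trimmed copy of the page's Host blocks, in page order.
CONFIG = """\
Host ssh-gw.cns.*vt.edu
  ProxyCommand none
Host *.cns.*vt.edu
  ProxyJump user@ssh-gw.cns.vt.edu:22
Host *.oob.cns.*vt.edu
  User admin
  ProxyJump user@ssh-gw.cns.vt.edu:22
Host ssh-gw.cns.vt.edu
  ForwardAgent yes
"""

def parse(text):
    """Return [(host_patterns, [(key, value), ...]), ...] in file order."""
    blocks = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "host":
            blocks.append((value.split(), []))
        elif blocks:
            blocks[-1][1].append((key.lower(), value.strip()))
    return blocks

def host_matches(patterns, host):
    """ssh_config wildcards: '*' is any run of characters, '?' is exactly one."""
    to_rx = lambda p: re.escape(p).replace(r"\*", ".*").replace(r"\?", ".")
    return any(re.fullmatch(to_rx(p), host) for p in patterns)

def resolve(text, host):
    """First value obtained wins; ProxyJump and ProxyCommand exclude each other."""
    opts = {}
    for patterns, settings in parse(text):
        if not host_matches(patterns, host):
            continue
        for key, value in settings:
            proxy_set = "proxyjump" in opts or "proxycommand" in opts
            if key in ("proxyjump", "proxycommand") and proxy_set:
                continue  # an earlier proxy setting already took effect
            opts.setdefault(key, value)
    return opts

if __name__ == "__main__":
    for h in ("ssh-gw.cns.vt.edu", "ssh-gw.cns.ipv6.vt.edu", "sw1.oob.cns.vt.edu"):
        print(h, resolve(CONFIG, h))
```

To see what the real client resolves for a host, run ssh -G <host>, which prints the options it would apply without connecting.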

PuTTY/WinSCP on Windows

Some notes on multi-hop SSH are on this blog.

Forwarding Ports

  • SSH to the gateway host
  • Within that session, type ~C to get into SSH command mode. (The ~ must be the first character typed after a newline.)
  • Enter something like -L 2222:dest-host.cns.vt.edu:22