At work, I need to access some blade servers that are on a private network. The only way to get into these machines is to shell into a lab box first, and then shell into a blade.<\/p>\n
alan@desktop:~$ ssh root@labaccess\nLast login: Tue Feb 17 10:13:52 2009 from desktop\n[root@labaccess ~]# ssh root@blade3\nroot@blade3's password:-******\nLast login: Tue Feb 17 10:14:03 2009 from labaccess\n[root@blade3 ~]#<\/pre>\nA while back, I picked up this little nugget from the TriLUG mailing list (thanks to Magnus Hedemark). There is a way to make this intermediate hop automatically. Simply add the following to $HOME\/.ssh\/config:<\/p>\n
Host blade3 blade5 blade10\n ProxyCommand ssh root@labaccess \"nc %h %p\" 2>\/dev\/null<\/pre>\nNow, when I try to ssh directly from my desktop to one of the blades, it first establishes an SSH session to the labaccess machine, and then netcat’s all of my original SSH traffic directly to the target blade.<\/p>\n
This process will ask you for 0, 1 or 2 passwords, depending on whether your public key (from
desktop<\/code>) is in the $HOME\/.ssh\/authorized_keys files on thelabaccess<\/code> andbladeX<\/code> machines. Since I have my public key on all of the machines, this is what I see now:<\/p>\nalan@desktop:~$ ssh root@blade3\nLast login: Tue Feb 17 10:17:21 2009 from labaccess\n[root@blade3 ~]#<\/pre>\nThis also means that I can
scp<\/code> files directly from my desktop to the blades, without having to dump them on the labaccess machine.<\/p>\n