{"id":3631,"date":"2016-02-08T00:26:53","date_gmt":"2016-02-07T23:26:53","guid":{"rendered":"https:\/\/glandium.org\/blog\/?p=3631"},"modified":"2019-09-03T15:21:15","modified_gmt":"2019-09-03T06:21:15","slug":"ssh-through-jump-hosts-revisited","status":"publish","type":"post","link":"https:\/\/glandium.org\/blog\/?p=3631","title":{"rendered":"SSH through jump hosts, revisited"},"content":{"rendered":"<p>Close to 7 years ago, I wrote about <a href=\"\/blog\/?p=303\">SSH through jump hosts<\/a>. <a href=\"\/blog\/?p=308\">Twice<\/a>. While the method used back then still works, Openssh has grown an new option in version 5.3 that allows it to be simplified a bit, by not using <code>nc<\/code>.<\/p>\n<p>So here is an updated rule, version 2016:<\/p>\n<blockquote>\n<pre>Host *+*\r\nProxyCommand ssh -W $(echo %h | sed 's\/^.*+\/\/;s\/^\\([^:]*$\\)\/\\1:22\/') $(echo %h | sed 's\/+[^+]*$\/\/;s\/\\([^+%%]*\\)%%\\([^+]*\\)$\/\\2 -l \\1\/;s\/:\\([^:+]*\\)$\/ -p \\1\/')<\/pre>\n<\/blockquote>\n<p>The syntax you can use to connect through jump hosts hasn't changed compared to previous blog posts:<\/p>\n<ul>\n<li>With one jump host:<br \/>\n<blockquote>\n<pre>$ ssh login1%host1:port1+host2:port2 -l login2<\/pre>\n<\/blockquote>\n<\/li>\n<li>With two jump hosts:<br \/>\n<blockquote>\n<pre>$ ssh login1%host1:port1+login2%host2:port2+host3:port3 -l login3<\/pre>\n<\/blockquote>\n<\/li>\n<li>With three jump hosts:<br \/>\n<blockquote>\n<pre>$ ssh login1%host1:port1+login2%host2:port2+login3%host3:port3+host4:port4 -l login4<\/pre>\n<\/blockquote>\n<\/li>\n<li>etc.<\/li>\n<\/ul>\n<p>Logins and ports can be omitted.<\/p>\n<p><b>Update:<\/b> Add missing port to <code>-W<\/code> flag when one is not given.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Close to 7 years ago, I wrote about SSH through jump hosts. Twice. While the method used back then still works, Openssh has grown an new option in version 5.3 that allows it to be simplified a bit, by not using nc. So here is an updated rule, version 2016: Host *+* ProxyCommand ssh -W [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,25],"tags":[23],"class_list":["post-3631","post","type-post","status-publish","format-standard","hentry","category-pdo","category-planet-mozilla","tag-en"],"_links":{"self":[{"href":"https:\/\/glandium.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3631","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/glandium.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/glandium.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/glandium.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/glandium.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3631"}],"version-history":[{"count":5,"href":"https:\/\/glandium.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3631\/revisions"}],"predecessor-version":[{"id":3636,"href":"https:\/\/glandium.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3631\/revisions\/3636"}],"wp:attachment":[{"href":"https:\/\/glandium.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3631"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/glandium.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3631"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/glandium.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3631"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}