Transparent ssh tunnels

One of our clients tipped me off to this awesome ssh configuration to create dynamic tunnels to servers which would otherwise be hidden behind NAT or a firewall. The mechanism uses a bastion host as a proxy combined with netcat.

Example snippet from .ssh/config or /etc/ssh/ssh_config…

Host example-gw
Hostname <ip-address>

Host  *.example.com
  ProxyCommand ssh example-gw exec 'nc %h %p' 2>/dev/null

Combine this with ssh keys and (something like) keychain/pageant/ssh-agent and accessing the systems at a remote site becomes oh so easy!

Leave a Reply

Your email address will not be published. Required fields are marked *