Jump multiple remote hosts using ProxyCommand (SSH Tunneling)

This article introduces how to ssh-jump on a remote intermediate server(s) to ssh-connect into a target server with a single command.

Prerequisites

This article assumes that All machines (including local and remote servers) share the same public and private RSA keys.

This article requires a setting for complete passwordless ssh login, described in the following posts:

• How to configure SSH without Passwords
• How to permanently add passphrase of private key to ssh-agent

Connection Example

Let’s assume that we have a local server (indicated as Local in the figure) and remote servers (indicated as R# in the figure), where we can use ssh between the two servers directly connected by a green line (i.e., we can only connect from local to R0 server).

Our goal is to connect from local to any remote server with a single ssh command.

Using ProxyCommand for SSH Tunneling

To set up the ssh-jump, open up ~/.ssh/config in the local machine and add the following:

$ vim ~/.ssh/config

Host *
    IgnoreUnknown UserKeychain
    UseKeychain yes
    AddKeysToAgent yes
    IdentityFile ~/.ssh/id_rsa

Host R0
    Hostname %h.postech.ac.kr
    Port 22

Host R1
    Hostname %h.postech.ac.kr
    Port 22
    ProxyCommand ssh -W %h:%p R0

Host R2 R3
    Hostname %h.postech.ac.kr
    Port 22
    ProxyCommand ssh -W %h:%p R1

Host R4
    Hostname %h.postech.ac.kr
    Port 22
    ProxyCommand ssh -W %h:%p R3

SSH Log-in Using Single Command

With ~/.ssh/config set, you can connect to any remote server with a single command.

For example, to connect from Local to R4:

$ ssh R4

---

References

1. SSH through multiple hosts using ProxyCommand?