SSH tunnel for ssh traffic

Rick Sewill rsewill at gmail.com
Thu Apr 15 18:17:01 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/15/2010 09:12 AM, Christoph Höger wrote:
> Hi,
> 
> I need to ssh to some remote VM that sit in a private LAN. For any other
> service (e.g. RDP) I'd use ssh tunneling just normal.
> But what do I do for ssh traffic? Since ssh is not host agnostic, it
> will always complain about localhost having a different RSA key.
> I just do not want to edit the known_hosts every time I need to connecto
> to a new machine!
> 
> Is there some way to tell ssh to use a tunnel directly for a connection?
> 
> regards
> 
> Christoph
> 

I'm afraid I do not understand what you are asking.

Let me try to answer what I think you are asking.
I apologize if I'm wrong.

Let us say I want to ssh tunnel to a remote machine on a remote lan.
Let us say I want to tunnel ssh traffic through this ssh tunnel to
still a third machine on that remote lan.

Could I do something like the following in my ~/.ssh/config file:

Host remote
     HostKeyAlias myAliasForRemote
     HostName remote.com
     LocalForward 2222 veryremotehost:22

Host veryremote
     HostKeyAlias myAliasForVeryRemote
     HostName localhost
     port 2222

Now, could I do
ssh remote
and myAliasForRemote is what is associated with the host in my
~/.ssh/known_hosts file.
and as long as this connection is open, could I do
ssh veryremote
and myAliasForVeryRemote is what is associated with the host,
veryremotehost, in my ~/.ssh/known_hosts file.

I am not sure if the DNS name, "veryremotehost" needs to be resolved
locally or remotely.  I think it is remotely, but you would need to
check.  Normally, I would have used IP addresses because the hosts on
the company's internal lan did not have DNS entries.

The HostKeyAlias controls the name used for the host that is stored in
the ~/.ssh/known_hosts file.

Is this what you are asking?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvHWB0ACgkQyc8Kn0p/AZT9LACcDNo/uJxnV1fx4JEbboAIgFt2
fMYAoK62YhEtG/Oc45hZs1hAED9tLBOe
=aTns
-----END PGP SIGNATURE-----


More information about the users mailing list