SSH tunnel for ssh traffic

Rick Sewill rsewill at gmail.com
Thu Apr 15 22:55:26 UTC 2010


On 04/15/2010 04:38 PM, Christoph Höger wrote:
> 
>>
>> Host remote
>>      HostKeyAlias myAliasForRemote
>>      HostName remote.com
>>      LocalForward 2222 veryremotehost:22
>>
>> Host veryremote
>>      HostKeyAlias myAliasForVeryRemote
>>      HostName localhost
>>      port 2222
> 
> 
> This comes very close to my needs. Only one thing left: Is there any way
> to trigger ssh remote just by running ssh veryremote?
> 

I always started "ssh remote" manually.

Could you create a bash shell script that starts "ssh remote" in the
background, and then starts "ssh veryremote"?

From the "man ssh" page, there is a suggestion about using
"  The following example tunnels an IRC session from client machine
  “127.0.0.1” (localhost) to remote server “server.example.com”:

      $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
      $ irc -c '#users' -p 1234 pinky 127.0.0.1
"

Perhaps you could do something like:
#!/bin/bash
# Please note...I have not tested this.
# establish the initial ssh tunnel putting it in the background
ssh -f remote sleep 10 &
# wait 2 seconds for ssh to set up the tunnel, hopefully long enough
sleep 2
# establish the ssh tunnel to the very remote machine.
ssh veryremote

I prefer starting "ssh -f remote sleep 10 &" manually to know the ssh
tunnel is actually started before I start using it to forward traffic.

Other than using a bash script, I can't think of a way to trigger
the starting of "ssh remote".

On another note, they added a ~/.ssh/config option that is new to me.
For those having problems with a home directory shared across multiple
machines, from "man ssh_config",
they added NoHostAuthenticationForLocalhost
"
NoHostAuthenticationForLocalhost
   This option can be used if the home directory is shared across
   machines.  In this case localhost will refer to a different
   machine on each of the machines and the user will get many
   warnings about changed host keys.  However, this option disables
   host authentication for localhost.  The argument to this keyword
   must be “yes” or “no”.  The default is to check the host key for
   localhost.
"

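One way to write the wrapper script discussed in the message above without relying on a fixed two-second wait, as an added example that is not part of the original post. It assumes the "remote" and "veryremote" entries from the quoted ~/.ssh/config; the names port_open, wait_for_port, connect_veryremote, TUNNEL_PORT, WAIT_SECS and CONNECT are hypothetical.

```shell
#!/bin/bash
# Added example, not from the original post. Assumes the "remote" and
# "veryremote" Host entries of the quoted ~/.ssh/config.

TUNNEL_PORT=${TUNNEL_PORT:-2222}  # local end of "LocalForward 2222 veryremotehost:22"
WAIT_SECS=${WAIT_SECS:-10}        # assumed upper bound for tunnel start-up

# True if something accepts TCP connections on 127.0.0.1:$1.
# Uses bash's /dev/tcp redirection, opened and closed in a subshell.
port_open() {
    (exec 3<>"/dev/tcp/127.0.0.1/$1") 2>/dev/null
}

# Poll once per second until the port answers; fail after $2 tries.
wait_for_port() {
    local port=$1 tries=$2
    while [ "$tries" -gt 0 ]; do
        port_open "$port" && return 0
        sleep 1
        tries=$((tries - 1))
    done
    return 1
}

# Start the tunnel if it is not already up, then log in through it.
connect_veryremote() {
    if ! port_open "$TUNNEL_PORT"; then
        # -f backgrounds ssh only after authentication, so no "&" is
        # needed and a password prompt still reaches the terminal.
        # ExitOnForwardFailure makes ssh exit if it cannot bind the port.
        ssh -f -o ExitOnForwardFailure=yes remote sleep 10 || return 1
        if ! wait_for_port "$TUNNEL_PORT" "$WAIT_SECS"; then
            echo "tunnel on port $TUNNEL_PORT did not come up" >&2
            return 1
        fi
    fi
    # HostKeyAlias in the quoted config keeps veryremote's host key
    # checked under its own alias even though HostName is localhost.
    ssh veryremote "$@"
}

# Connect only when CONNECT=1 is set, so the functions can be sourced
# and exercised without opening any connection.
if [ "${CONNECT:-0}" = 1 ]; then
    connect_veryremote "$@"
fi
```

The script refuses to run "ssh veryremote" when the forwarded port never starts listening, which is the case the fixed sleep cannot detect.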

